91福利

Skip to Main Content
You are now in the main content area

Cybersecurity tips for students: Stay safe on social, avoid scams, protect your accounts and more

Check out the digital dos and don'ts to boost your online security, part of our series on back-to-school tips
By: Lindsey Craig
September 15, 2022
A young woman looks down at her phone while standing in a coffee shop.

Students are often targeted by scammers during the back-to-school season, since many are opening new accounts and are 鈥渇looded鈥 with new friend and 鈥渇ollow鈥 requests, says Richard Lachman, professor in The Creative School at 91福利. (Angelo Moleele/Unsplash)

It happens all the time.

You get a text message, an email, or a notification on your phone: 鈥淪omeone has logged into one of your accounts. Click on this link to report it,鈥 it says. What do you do? Is it real? How do you know?

A few minutes later, you get a 鈥渇ollow鈥 request on Instagram. You don鈥檛 actually know the person, but they鈥檙e friends online with a guy you just met in res - so you should just accept, right?

Later, a message pops up on your phone - it鈥檚 from your cousin who鈥檚 on vacay in Thailand. She needs money ASAP. 鈥淧lease help!鈥 she writes. Do you send the money?

Not without following some very specific steps first, says Richard Lachman, professor in The Creative School at 91福利 (91福利), who says these kinds of situations are all too common.

And, he explains, students are particularly vulnerable at the beginning of the school year.

鈥淭hey鈥檙e setting up new email addresses and bank accounts for OSAP and student loans, meeting and adding new classmates, friends and teammates to social media - it鈥檚 an ideal situation for scammers,鈥 he said.

But, that doesn鈥檛 mean we should be scared of technology - instead, we just need to be smart.

We need to ask ourselves, 鈥楬ow can we be a little bit safer? Is it abstinence? And no - abstinence from the internet is not going to work.

Richard Lachman

So, if you鈥檙e a student looking to score an A in online security - or if you鈥檙e a mom, dad or sibling who could benefit, too - check out these tips to keep your information safe:

Friend/Follow requests

The start of the new school year is a good time to carefully evaluate who鈥檚 following you on social.

鈥淪tudents will be meeting a lot of new people - some will be flooded with requests,鈥 Lachman said. 

So, when you get a friend or 鈥渇ollow鈥 request, there are a few things you can do before clicking 鈥渁ccept鈥:

  • Click through to see how many friends that person has. If there aren鈥檛 many, it may not be a 鈥渞eal鈥 account.
  • Look at how many people are following that person. If it鈥檚 just a few followers, it鈥檚 a flag.
  • Is there anything about it causing you to pause? For instance, what photo have they used? Do they live in your region? Is the account only re-posting messages from other sites?

鈥淚t only takes a few seconds to look at these things - and scams can happen with just a click,鈥 Lachman said.

Several computers and cell phones seen on a table in a shared work space as students work away.

It鈥檚 easy to click on a 鈥減hishing URL鈥 - or a malicious website - if you鈥檙e not paying attention. (

Types of scams

Lachman explains three types of scamming strategies:

  1. You're contacted by an entirely fake account, and they鈥檙e trying to connect with you to boost their followers on their own account (to seem more legitimate, and win the trust of others)
  2. An online quiz asks innocuous questions, but buried in the list is information that could be used to steal your identity (for example, the street where you were born)
  3. A friend鈥檚 account has been compromised. When that happens, the scammer might pretend to be that person, and reach out to the friend鈥檚 contacts asking for help or money

Warning signs

Lachman says scammers will either be very specific with their request, or very simple and generic to make the 鈥渁sk鈥 seem straightforward and common. 

They will also know what might trigger a young person to panic.

You might click on a link that encrypts your entire computer and the scammer will say, 'If you want access to your term paper or all your photos, you have to send this much money to this account first, and then we鈥檒l give you access'

Richard Lachman

Professional vs personal profiles

Another thing to be mindful of is which of your profiles are publicly visible and which have your real name. 

鈥淒o your best to keep your social and professional or student life separate. Maybe you鈥檙e not doing anything illegal in that photo, but maybe it doesn鈥檛 represent the company or the school you鈥檙e applying to,鈥 Lachman said. 

He notes that for some students, such as a student in fashion or design, Instagram might be their professional profile.

鈥淚n that case, you just need to be thoughtful about who you are speaking to every time you are posting,鈥 Lachman said. 鈥淚t鈥檚 a bit sad - you can鈥檛 be your unfiltered self, but you need to be deliberate about what you make public.鈥

Use a password manager

One of Lachman鈥檚 top tips is to use a password manager.

鈥淲e all create passwords, and we hate that we have the upper case and lower, and the three special characters - we never remember them,鈥 he said.

The solution? A password manager, such as Last Pass and 1Password, or the free manager built into Google Android or Chrome.

With a password manager, you create one password, and the password manager creates different passwords for you across all of your accounts - banking, social media, email, etc.

It means that that one password needs to be very secure. 

鈥淏ut instead of, you know, 鈥楬ello123鈥, you use three random words that make sense to you but no one else,鈥 Lachman explained. 

鈥淪o maybe for you it鈥檚 鈥榟orse-stapler-cheeseburger鈥, and maybe a number and special character is in there too. But it鈥檚 three words that are easy for you to remember and that no one else could ever guess.鈥

Two-factor authentication

Lachman鈥檚 next recommendation is to use two-factor authentication (or MFA - multi-factor authentication) for your accounts. This involves an app that is downloaded to your phone, or getting a text-message. When you log into your email, you will be prompted to enter a special number or code, which you will find in the authenticator app on your phone, or get by text. 

鈥淪o, for someone to break into your email, they would need both the email password and the authenticator code,鈥 Lachman said, noting that Instagram and Facebook are 鈥渉ammered鈥 with attacks, so it鈥檚 worthwhile to have this for social media too.

Phishing (not fishing) attacks

Phishing is when someone sends you a link which appears to be authentic, but isn鈥檛. The sender may ask you to click on it, and if you do, it may take you to a site that installs compromising software on your computer.

鈥淭he tricky part is, the link could be in what looks like a regular email from say, student services or your bank,鈥 Lachman said.

To determine if a link is authentic on your computer, hover your mouse over the link, and view the URL that appears. The area to focus on is the domain - or what comes just before the 鈥.com鈥, 鈥.ca鈥, or other last letters in a website URL. If it鈥檚 a scam, the domain won鈥檛 be that of the institution it claims to be.

To do this on your phone, try holding your finger over the link instead of tapping; you should be able to preview the full URL without loading it.

Whatever device you鈥檙e on, Lachman says, 鈥淎lways look before you tap.鈥

He also notes that if you receive a message or a call asking for your account or personal information, don鈥檛 give it to them. Ask if you can call that institution back to check with them, and use the number on their website. 

A young male sits outside looking at his phone on a fall day.

Is that email really from who you think? If in doubt, always check the URL domain before you click. (Timi David/Unsplash)

Back it up

Another crucial step in protecting your files and accounts is to ensure you have a backup system in place. 

鈥淓very student will have a crash at some point - they might lose their term paper or their photos. So, figure out how you鈥檙e going to back everything up because you could lose weeks of work,鈥 he said.

Buying and selling online 

Buy-and-sell apps are a great place to find a deal on furniture or clothes for the new school year. But it鈥檚 important to be mindful about where you agree to meet and how the payment will be made.

For smaller items that are portable, choose a neutral location. In some cities, local police stations allow people to meet in a 鈥渟afe transaction site鈥 or even the front lobby to exchange the item.

鈥淭hey鈥檙e unlikely to rob you in front of a police station,鈥 Lachman said.

For the transaction itself, be sure to check that the e-transfer is completed on the spot with the buyer. You may also want to create a different email address for buy-and-sell transactions. Those using Facebook Marketplace may also want to create a different Facebook account with a different name and photo just for such transactions.

On a final note, Lachman reminds that while getting a credit card or a driver鈥檚 license can be exciting, 鈥減osting a photo of it online that shows the number on it is not the best idea.鈥

The bottom line 

鈥淚f you鈥檙e not sure, trust that unease. Just say no or don鈥檛 click,鈥 Lachman said. 鈥淲e don't want to make it seem like the world is so terrifying and scary鈥 Just do a few simple things and then you can enjoy.鈥

91福利 links for online safety and security:

Related stories:

Share This

More News

All News Stories