Deals offering discounts on school supplies and textbooks can lure students preparing to return to the classroom, and cyber criminals are keeping a watchful eye out for unsuspecting shoppers whose information they can steal.
Fraudsters are taking advantage of back-to-school sales and tax-free holidays by sending phishing emails that mimic major retailers, Darren Guccione, CEO at Keeper Security, a Chicago-based provider of zero-trust and zero-knowledge cybersecurity software, told TheStreet.
“As students and teachers prepare to head back to the classroom, bad actors often take advantage of the opportunity,” he said.
Practicing good cyber hygiene is essential, and students, teachers and parents should use strong, unique passwords and a password manager so they do not have to remember all of them, Guccione said.
One of the most common scams is sending phishing emails that appear to come from your favorite store.
“This is the perfect time to reiterate the simple actions that keep us all safe online,” he said. “We encourage everyone to think before you click and always enable multi-factor authentication on your accounts.”
Parents and teachers should talk with their children and students about basic rules for telling whether a link is authentic, and remind them that cyber criminals are always lurking online.
“One of the most important things is to have good communication between the parents and their kids and between teachers and their students,” Guccione said. “If something goes wrong, you don't want your child or student to be shy about it.”
Clicking on a link that is not secure or is a phishing attempt is common and should be discussed.
“For example, if they clicked on a link they shouldn't have clicked on, you want them to open up - you want them to tell you what happened because a small problem could get much worse if you don’t act quickly,” he said.
Refresh Cybersecurity Training
Educators, administrators and students need to undergo frequent cybersecurity training in order to keep cybersecurity best practices fresh in their minds, Joseph Carson, chief security scientist and Advisory CISO at Delinea, a Redwood City, Calif.-based provider of privileged access management (PAM) solutions, told TheStreet.
One rule of thumb is that before anyone clicks, they should stop and think PHISH, an acronym which offers a fun way to remember best practices to deter sophisticated cybercriminals, he said.
PAUSE: We’re all in a hurry but take a moment to examine every email before clicking on anything.
HOVER: Hold your cursor over any link to make sure the destination matches and looks legitimate before clicking on it.
INSPECT: Check the email and see if anything looks off, such as easy spelling/grammar errors, fuzzy graphics, etc.
SOURCE: Rather than clicking on a suspicious link that requests sensitive information, go directly to the website, and confirm whether the requesting organization is really asking for it.
HELP: If you aren’t sure if an email is legitimate or not, ask for help or call the person/organization directly to confirm it’s not a phishing request. Never be afraid to ask for help.
How to Get a Deal Without Being Hacked
Shopping deals are plentiful when schools and universities are set to start classes again. Online retailers offer discounts and often require customers to create a user account before they can finalize their purchase.
Consumers should only enter the basic information needed to activate such an account, Carson said.
“Providing excessive information such as the date of birth, identity document details and phone numbers can increase cybersecurity risks,” he said. “If a user already has this information set with certain online retailers, it is important that it is hidden or removed from a profile. Where possible, it is best to proceed as a ‘guest’ when checking out.”
Financial Aid Programs Can Be Scams
When students are applying for financial aid, they should ask a counselor for a list of reputable sources, Ryan McCurdy, vice president of marketing at Bolster, Inc., a Los Altos, Calif.-based provider of automated digital risk protection, told TheStreet.
Emails that appear to have originated from a school or college should be double-checked, especially if the email is seeking more information than they need, he said.
Being suspicious will prevent people from becoming victims of a hack.
“Only shop on reputable e-commerce sites for back-to-school supplies,” McCurdy said. “Before clicking on any link sent to you, use a link-checking website such as Checkphish.ai, a free phishing URL scanner to detect online scams in real-time. If you come across a suspicious link, scan it there before accessing it.”
Tuition is costly, especially with higher rates of inflation and a potential recession. Both parents and students are trying to cut back on spending.
While student loans and scholarships can “lessen the load of payments, scammers will use this to their advantage to trick families into sharing personal information,” Clayton LiaBraaten, senior strategic advisor at Truecaller, a Stockholm-based caller ID and spam blocking app, told TheStreet.
“In search of better rates, families will end up losing money if they’re not careful,” he said. “Look out for the red flags like payment urgency or lack of first account reviews and make sure to do your homework before sharing personal information with a loan or scholarship provider.”
Scammers simply want to steal either payment information or login credentials from unsuspecting consumers, John Bambenek, principal threat hunter at Netenrich, a San Jose, Calif.-based security and operations analytics SaaS company, told TheStreet.
“Before you enter your credit card info or log in, make sure when you think you’re at Amazon, the URL in the browser actually says Amazon.com,” he said. “Attackers will use slight variations or things like amazon.com.iamstealingyourcreditcard.info. Vigilance in that detail will help many people.”
Several free services, such as Quad9, can protect students from phishing at home. “By setting your home router’s DNS settings to 9.9.9.9, you will start filtering out known threats so accidental clicks don’t lead to credit card fraud,” Bambenek said.
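The URL check Bambenek describes, and the HOVER step in PHISH, come down to reading a link's registered domain rather than whatever brand name appears at the front of it. The Python sketch below is an added example, not code from the article or any vendor quoted in it; the sample URLs are constructed, and the short suffix set is an assumed stand-in for the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: a tiny constructed stand-in for the Public Suffix List,
# which a real tool would load in full.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

def hostname(url: str) -> str:
    """Lower-cased host of a URL; bare 'host/path' strings are accepted too."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def registrable_domain(url: str) -> str:
    """The part of the host someone actually registered, e.g. amazon.com."""
    labels = hostname(url).split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character variations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str, trusted: str = "amazon.com") -> str:
    """Compare a link's registered domain with the site the shopper expects."""
    host, domain = hostname(url), registrable_domain(url)
    if domain == trusted:
        return "match"
    if f".{trusted}." in f".{host}.":
        return "brand-in-subdomain"  # trusted name is only a prefix of another domain
    if edit_distance(domain, trusted) <= 2:
        return "lookalike"           # slight variation of the trusted domain
    return "unrelated"

# Constructed sample links, including the one quoted in the article.
SAMPLES = [
    "https://www.amazon.com/gp/cart",
    "https://amazon.com.iamstealingyourcreditcard.info/login",
    "https://amaz0n.com/deals",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):20} {registrable_domain(link):32} {link}")
```
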