Background Image
DCA College Email Theft

College Students: You May be a Target on the Dark Web

DCA, Friday, September 1, 2017

The perks of your student email address are plentiful: discounts on sites like Amazon prime and Github, and even free or cheap software from big names like Adobe and Microsoft. With deals such as these, designed to help students succeed in their college careers, it isn't hard to imagine others wanting to score some sweet deals too. And believe us—they do.

This is where academia and the Dark Web collide. Did you know your student email can be stolen and sold for as little as $3.50 in seconds? And that’s not all; a compromised student account can also lead to personal information and other accounts being bought and sold on the Dark Web, putting you at serious risk of identity theft and fraud.

Read on as we enter the world of the college-targeting Dark Web to bring you an understanding of this unsettling issue and help you keep your information protected.

When Did This Begin?

While the Dark Web has been active for several years prior, The Privacy Right Clearinghouse has been tracking breaches targeting .edu addresses since 2005. So, the bad news is, it’s been going on for well over a decade.

DCA Graph

The good news? Breaches targeting student, administrative, and professor accounts have tapered off, with the total number dropping each year since 2012, as shown in the graphic above. While this fact may be reassuring, it doesn’t mean your account and personal information isn’t in danger.

Who’s Really at Risk?

If you think your alumni status or simply being employed at an institution lowers your risk on the Dark Web, think again. Alumni, faculty, and staff accounts are just as easily bought and sold on these illicit sites. Some are even more sought-out, as different roles at the institution can allow Dark Web criminals to access sensitive information and systems to get the information they want.

So, while student accounts are often the main target, this can be widely due to the sheer numbers of student-to-staff ratio at any given university. Meaning it may be time for a password refresh even if you’ve been graduated for years.

Top School Targets

On the Dark Web, some student accounts are far more prevalent than others. We sought out to find which schools are the top targets of these illicit sites. Here’s what we found:

Students at the University of Michigan, Pennsylvania State University, and the University of Minnesota are the top three schools with compromised accounts found most often on the dark web, with numbers well over 100,000 in one month alone.

Also among the top targeted universities is Ohio State University, whose cyber attack garnered news coverage last March when several student and faculty accounts landed in the hands of “global terrorists”. The full list of top ten schools can be seen below.

edu hack graph

Does this mean only students, faculty, and staff at these top institutions should worry? Unfortunately, no. As far as the Dark Web is concerned, an .edu address is valuable no matter the school it’s attached to. Luckily, there are ways to look for signs of compromise and protect your accounts in our next section.

How to Keep Yourself Protected

Listen—we get it, we’ve seen the memes. Password education isn’t very exciting, and the cumbersome task of creating a strong password is often mocked all over the internet. But password safety really is where security starts.

Many students often use the same password for their student accounts as they do for several other online services; which means once one of your accounts is compromised, they all are. If you’re unwilling to take that risk, then you’ll need to resist throwing out your ‘change password’ emails when they appear from your institution and instead take action.

We’ve even included some tips from our College Credentials and Dark Web report to help make your passwords as secure and protective as possible below.

password advice for college students

Passwords aren’t the only security measure you can take. Pay close attention to the sites you visit and links sent to you via email. Do some of these sites and links seem fishy? When it comes to account safety, always trust your gut and opt for caution over risk, or you may end up on the Dark Web.

What Schools Can Do to Keep Information Safe

While strong and protective passwords are the beginning of keeping your information secure, it doesn’t stop there. Fortunately, universities often have dedicated cyber security measures in place to help protect the accounts of its students and staff.

What these programs can do to keep accounts safe is to focus on password education as well as testing students and staff to see who is more likely to click on bad links that can compromise security.

Additionally, multi-factor authentication can be implemented for an extra layer of security. Even if an account password is sold on the Dark Web, thieves will have a much tougher time when there are even more layers of security than meet the eye. This system can help protect accounts, even after they’ve been compromised.

Moving Forward

While the college-facing Dark Web shows signs of slowing, it definitely shows no signs of stopping. As more and more perks for students pop up online, the Dark Web continues to be a steady source of stolen accounts and identities to help connect thieves to their stolen goods.

By following the safety tips outlined in this post, both you and your school can greatly reduce your risk of being a victim of account fraud, a stolen identity, or both.

For more information, check out our in-depth report on the college-facing Dark Web. There, we give you the complete run-down on these illicit activities and provide even more safety tips that can save your account and even your identity.

on Internet Safety
View the Latest
Tell Your Friends

Fill out the fields below to receive newsletters and other important updates from Digital Citizens.

First Name
Last Name
Email Address

  • Twitter