Academic email theft affects students nationwide

Meryl Paine

Staff Writer

When you hear “identity theft” or “cyber crime,” you probably think about your credit card, your social security number or any one of your social media accounts being stolen or hijacked. However, another tasty target for cybercriminals is your email address, and more specifically, your .edu college email.

Cyber Criminals, College Credentials, and the Dark Web, a new study published by the Digital Citizens Alliance, sheds light on the issue of identity theft in higher education. The DCA studied the darknet, an area of the internet that requires special software or authorization to access, and is usually used for criminal activities. Using Dark Web ID, a tool used to detect cyber threats and identify stolen records, DCA combed the darknet for email addresses and credentials belonging to American colleges and universities.

After searching more than 86,000 .edu email domains, with over 13 million addresses, the DCA compiled a list of the top 300 colleges and universities found on the darknet. Topping the list was University of Michigan, with 122,556 college credentials being found on the darknet. Colleges and universities such as The Pennsylvania State University, University of Minnesota, New York University and University of Florida also ranked highly. These .edu domains sold for about $3.50 to $10 on average and are popular with cybercriminals because they can be used to get discounts on software and services like Amazon Prime, as well as being used in scams against others in college communities.

The DCA offered some strategies for students to avoid their .edu accounts being stolen, mainly in strengthening passwords. By using a combination of letters and numbers, uppercase and lowercase letters, and by not reusing passwords, students can protect themselves from those who might try to steal their accounts. Other pieces of advice included using phishing simulations, which test users to see how well they avoid clicking malicious links, and implementing multi-factor authentication, which requires a secondary confirmation when a user logs in.

Most University of Scranton students are good at following these password guidelines; in a poll of students, 100 percent of those polled used numbers in their Scranton password, and 89 percent used a combination of upper and lowercase letters. However, only 21 percent used some sort of symbol in their password, and 71 percent reused their password from another social media or email account.