General Science / Science of Learning


Four Ways to Help Students Avoid Online Identity Theft

When we picture identity theft, we often imagine it occurring through the physical theft of objects that contain personally identifying information. A passport gets lost at the airport and ends up in possession of a person with sinister intentions. Someone racks up charges on the department store credit card you don’t remember activating. While this may have been the reality of identity theft 20 years ago, the landscape has changed and identity theft can occur in contexts that seem completely safe.

Today, a picture posted on Facebook with your address or an accidental login into a fake Amazon page may be the only tools that a criminal needs to steal information. NOVA’s new Cybersecurity Lab features “A Cyber Privacy Parable,” a video that describes what can happen when an innocent piece of information falls into the wrong hands.

Follow the trials and tribulations of Tim as a seemingly innocent piece of information threatens to ruin his life when it falls into the wrong hands.

What is even more unsettling about digital identity theft is that you don’t need to have a job, credit card, or online accounts to be a victim. According to the Center for Identity, children are up to 35 times more likely to have their identities stolen than adults. A 2012 Javelin study revealed that 1 in 40 households with children under the age of 18 had at least one child whose personal information had been compromised by identity criminals. Since children’s credit records are rarely ever checked until they’re of age, identity fraud can go undetected for years.


An IDWise infographic from the Center for Identity on children and identity theft

With the arrival of National Cyber Security Awareness Month this October, NOVA would like to highlight best practices to keep your identity safe, provided by the Center for Identity at UT Austin. The Center for Identity is a research institute focused on identity management, privacy, and security and they are launching IDWise, a resource center for the public with educational materials and workshops about identity theft and privacy. Parents and educators should be aware of the common threats of identity and data theft and how best to protect their children. Part of the responsibility lies in parental decision making, but as children spend more time online it’s also important that parents and educators teach their children best practices. Here are four things you can do to protect your children and students from identity fraud.

Don’t share what you don’t have to

Avoid using important personally identifying information like Social Security numbers when signing your children up for programs and organizations. Even the last four digits are valuable. When asked to provide it, ask if you can use an alternate identifier. In most cases, that Little League team or afterschool program really has no legal need for your child’s Social Security number.

Understand common social engineering and phishing techniques

As your children explore the different sectors of the internet, from gaming sites to their social media pages, it’s important that they are familiar with common phishing scams as well as the loopholes that people exploit to glean information. For example, children should be able to identify that an email request for a money transfer with sloppy grammar and a suspicious sense of urgency is most likely a phishing scam. In addition, being able to differentiate between an authentic website and a fake website that has been set up to steal login information is critically important.

Screen Shot 2014-09-21 at 9.41.58 AM

Which Google login page is a phishing scam?

NOVA’s Cybersecurity Lab contains a Social Engineering Challenge in which players learn to spot scam emails, websites, and phone calls and complete the challenge armed with practical tips to avoid becoming victims of social engineering scams.

Carefully manage privacy settings

Sharing personal details without proper privacy controls is comparable to walking into the middle of Times Square and shouting out those details…except everyone in the world with an internet connection can tune in. Seemingly harmless information like an address or a phone number can make you a target for cybercriminals who can follow the trail of that information to exploit you. Often a single piece of information like a full legal name and DOB may be all someone needs to find more secure info that they can use to their advantage.  If your children have social media pages, make sure that they are using strict privacy settings and that they are aware of the dangers of revealing personal and detailed information online.

Check out the Center of Identity’s Beat the Thief game, a fun resource that teaches children the importance of paying attention to the information that they choose to publicly share online.

In Beat the Thief, players make choices about sharing information publicly or privately and discover how to safely communicate.

Make secure passwords and use two-factor authentication

Having a set of strong, unique passwords across different websites is one of the most important steps you can take to protect your privacy and identity. A strong password should generally be a “nonsense word” that is at least 8 characters long and contains a mixture of numbers, symbols, and capitalized letters. However, even with a strong password, you can still be susceptible. A common loophole that criminals can exploit is the “I forgot my password” option. If your password hint is “the name of my high school” or “my mother’s maiden name” and the answers are factual pieces of information that a stranger could find, you could endanger yourself.

Two-factor authentication adds an extra layer of protection to your online accounts by requiring you to enter a code sent to your phone, usually via app or text message, in addition to your password when accessing your online account. Companies like Google and Facebook currently offer two-factor authentication and given the nature of the content that’s hosted on those sites, it is highly recommended that all users activate that option.

As our lives become more dependent on the internet for work, education, and entertainment, it’s important that we learn to take precautions to protect the data that we and our families share online. For more educational resources about safeguarding your identity, privacy, and data on the internet, check out the following websites:

NOVA’s Cybersecurity Lab
A game designed to teach people how to keep their digital lives safe, spot cyber scams, learn the basics of coding, and defend against cyber attacks

Center for Identity’s IDWise
A resource center for the public on identity theft, fraud, and privacy

A global cybersecurity awareness campaign that communicates approaches and strategies for the public to keep themselves, their families and their communities safer online

Tell us what you think on Twitter, Facebook, or email.


Ralph Bouquet

    As the NOVA Labs Outreach Coordinator, Ralph is responsible for working with educators and partner organizations to grow and support NOVA Labs’ educational community. Before NOVA, Ralph taught high school biology and chemistry in Philadelphia and later developed web and mobile apps with the Canary Calendar team. Ralph received his B.A. from Harvard University, and focused on secondary science methods and urban education while working towards his M.Ed. from UPenn.