Blog from June, 2018

The CCCApply Administrator 2.0 is an upgraded version of the existing admin tool currently in use by all California Community Colleges using the student-facing CCCApply applications. The majority of the development is feature parity, which means the modules and components were simply reworked in new, more modern technology in order to work better, look better, and fix long-standing bugs in the original PHP-based code. All the existing feature functionality has been carried over to the new tool - in addition to a handful of new features.

What is the new CCCApply Administrator 2.0?

CCCApply Administrator 2.0 is an upgraded version of the existing CCCApply Administrator tool currently in use by 110 California Community Colleges across the system. The majority of the development is feature parity, which means that the existing modules and utilities were simply reworked in Java-based Spring Boot technology in order to work better, look better, and fix long-standing bugs in the original PHP-based code. All the original functionality has been carried over to the new tool - in addition to a handful of new features.

What is the purpose of the upgrade?

The primary objective for the new product is twofold: 1) replace the existing, outdated and unsupported, PHP-based legacy Administrator system with a user-friendly, Java-based Spring Boot web application and new architectural framework, designed to adapt and scale as additional CCCApply applications, utilities, and connected web services are added to the system over the next several years; and 2) implement a new, centralized administrator system - called the CCC Administrator - which delivers SSO-based authentication, flexible application-specific user authorization, and shared identity and access management services for all CCC Technology Center admin applications via one single-point-of-entry for all CCC college and district users.

See Introduction to the CCC Administrator for more information.

What is the difference between the two Administrators?

The CCC Administrator does not manage admin data or settings for any specific application, but does serve as the gateway to all admin systems across the CCC Technology Center. Starting with this initial product launch, the tool’s purpose is to serve as the single point-of-entry (one URL for all tools and services), as well as to manage user identity and access management for all integrated administrator systems, including the CCCApply Administrator 2.0, CCC Report Center, and the new Canvas Web App (the new admin configuration tool for colleges that have implemented the College Adapter (Glue 2.5) for Canvas LMS). With one user account, authorized college and district users can leverage single sign-on to access all admin services, minimizing the need to maintain multiple user credentials and disparate application URLs.

The CCCApply Administrator 2.0 - which has a very similar name but should not be confused with the central core admin system - provides admin configuration and custom data settings for the CCCApply Standard, International, and CC Promise Grant (BOG) applications only.

What has changed between CCCApply Admin 1.0 and Admin 2.0?

The most significant change between the current CCCApply Administrator (also known as Admin 1.0) and the new 2.0 system is the addition of the new centralized CCC Administrator service which now sits in front of it - and must be passed through - in order to facilitate SSO-based authentication and uniform user experience.

As mentioned above and throughout related documentation, users can no longer access the CCCApply Administrator directly, and all users will first navigate to the CCC Administrator as the single point-of-entry and launch the CCCApply admin tool from there.

User and access management, including creating and managing user accounts for CCCApply administrator access as well as the CCC Report Center, has moved from within the CCCApply Administrator to the central core admin system (CCC Administrator).

User Management Moved to CCC Administrator
User management, previously maintained in the CCCApply Administrator, has moved to the new central core admin system, the CCC Administrator.

All existing CCCApply user accounts are being migrated over to the new system with the “Basic User” role, which will still allow full access to their application data (terms, majors, rules, messages, supplemental questions, and other college information). The “Add User” role is being redefined to allow other admin services to leverage similar authorization in their systems.


With the new centralized CCC Administrator, college and district users now only have to maintain one URL and one set of login credentials for all their authorized admin systems. Once logged in, users can launch and navigate to multiple admin applications in a single session, including the new CCCApply Administrator 2.0, and the Canvas Web App.

New CCCApply Administrator 2.0 Features

Though 90% of the feature functionality in the new Admin 2.0 application will not change in the new upgrade, several new features were implemented and are limited to:

  1. Majors Category Filter: A new “Major Category” filter has been built into the Majors module for categorizing and enhanced filtering of the display of your college Majors in the Standard and International applications;

  2. Spam Filter Web Service & User Interface: A new spam filter web service and user interface have been developed and added to the CCCApply post-submission application service to prevent fraudulent applications from making it through to the college downloads via CCCApply. See Spam Filter Web Service for more information.

Who will be affected by the new CCCApply Administrator 2.0? How?

At this time in the OpenCCCApply adoption cycle, 110 colleges have already implemented OpenCCC and the Standard Application, including custom admin configuration of their data settings in the current (legacy) Administrator.

About the New CCC Administrator

The CCC Administrator is a new central admin service for California Community Colleges faculty and staff - providing SSO-based authentication and user management for all CCC Tech Center and other systemwide administrator tools and services.  This new service is designed to scale as users, products and services are developed and integrated with this central system.

A Single Point of Entry

The primary benefit of the CCC Administrator is to provide one single point of entry - one URL and one central landing page - for all your Tech Center and other systemwide admin configuration tools and services - thus eliminating the need for faculty and staff to manage multiple sites and login credentials for their systemwide administrator applications.

Other Benefits

In addition to consolidating access to multiple admin tools and services in one central location, the CCC Administrator, also known as the “core administrator platform” or CAP, manages user and access management in a single sign-on environment.

Single Sign-On Authentication

  • Delivers SSO-based authentication for all CCC college and district staff users across all integrated CCCTC-developed admin applications. Users login to the central administrator once, then navigate to their authorized services in the same session.

User Authorization

  • Delivers centralized “System Administration” services, including identity and access management (user authorization, roles, and permissions) in one consolidated user account for all services and resources securely.

Land and Launch Global Interface

  • Provides one central landing page for college and district users to launch the applications they are authorized to access, including the new CCCApply Administrator 2.0 system, in a new tab or window depending on your browser and operating system.

Scalable Architecture

  • The new architecture design scales as users, applications and services are added to the system.

Getting to the New Administrators

  • New URL to the CCCApply Administrator Tool:  Now that the CCCApply Administrator 2.0 is accessed through the new CCC Administrator system, colleges will be given a new custom URL to replace their current Admin 1.0 link.  

Colleges will receive their new URL via email which will be sent to the college Admissions Office and/or IT Department contact on file with the Tech Center for CCCApply. For any instance in which we do not have a contact, or if the contact is no longer at the college or district, we will reach out to the college President or IT Director or Student Services Director until we get a response.

  • No Longer a Direct Link to the CCCApply Administrator: There is no longer a direct link to the CCCApply Administrator tool. Colleges will be given a custom URL – based on the college’s URL root domain - for the central CCC Administrator landing page.

NOTE: Colleges will continue to use their existing URL link to the CCC Report Center until further notice. Your existing user accounts will still authenticate and authorize your access to your college or district reports and data.

  • Accessible via one, single-point-of-entry for all integrated applications, meaning users with authorized access to multiple admin tools will navigate to one central URL (https://{custom-idp}.openccc.edu/administrator) and sign-in using one set of user credentials for all their authorized tools and services;

NOTE: All colleges are required to undergo integration with the SSO Proxy in order to access the new CCC Administrator and all integrated admin applications, including the CCCApply Administrator 2.0. To find out if your college has completed this system requirement, please contact CCCTC Support at staffsupportccctc@openccc.zendesk.com

  • New Landing Page:  The home page of the CCC Administrator is now the central “landing page” for all users.  From there, users must select the administrator tool they seek to manage via the Applications menu on the CAP homepage.  

  • New “Applications” Menu: To access the CCCApply Administrator 2.0 (or any other integrated administrator tool from the core administrator platform), users must select the “CCCApply Administrator” option from the “Applications” menu on the homepage.

Land & Launch Interface

All integrated admin applications, including the CCCApply Administrator 2.0 application, will launch from the CCC Administrator global landing page.

  • Applications Menu: In this first release (CAP 1.0), CCCApply and Canvas College Adapter admin tools are the only tools accessible from the CCC Administrator. As more CCCTC admin applications are developed and integrated with CAP, they will launch from this core system AND leverage the same SSO, authorizations, and System Administrator (to define their own application-specific roles and permissions).

IMPORTANT: The CCC Report Center will not launch from the CCC Administrator in the first release. Until further notice, all colleges and districts will continue to use their existing custom URLs and user accounts to access the CCC Report Center.

  • New “System Administrator” Module: The System Administrator module is where integrated applications set up systems administration, including user management in the “User Manager” sub-menu, user roles in the “Roles Manager”, and user permissions in the “Access Permissions Manager”.

MOST college users will not see the System Administrator unless they have a user role that allows them to manage other users (see below).
 

Authorized User Management

User and Access Management has been moved from the CCCApply Administrator 1.0 to the new core admin platform system in order to merge and streamline all the Admin 1.0 user accounts that exist across the three CCCApply Applications and Report Center - into just two accounts per user; one for Pilot and one for the Production environment systems.

However, for the first phase of development and implementation of this central service, all user roles, permissions, and application access authority will be managed by the CCC Tech Center (Support Services and Enabling Services).

College Pilot Implementation & User Acceptance Testing Session:

During the CCCApply Release 6.2.0 “30-day Pilot Period”, College Support Services will work with each CCC college (or district) to verify every Admin 1.0 user account created under your MIS code to ensure it is still current and valid prior to the production release on July 27. All CCCApply Administrator 2.0 users must have a validated user account in order to log in to the new system. This validation is confirmed during your required Pilot Implementation session (one per college). To schedule your session, contact CCCTC College Support Services today!

  • ALL USERS must have a user account setup (new or migrated from Admin 1.0) in order to authenticate into the new CCCApply Administrator 2.0.

  • ALL EXISTING USER ACCOUNTS for the Admin 1.0 and the CCC Report Center systems will be migrated over to the new 2.0 system prior to Pilot and Production releases.

  • ALL USERS will now have the "Basic User" role and permissions for the initial Pilot launch of the new CCCApply Administrator 2.0. The Basic User role will allow users to login (authentication) to the CCC Administrator tool, and launch and access their authorized applications using single sign on (SSO). 

  • College Support Services will schedule one-on-one support sessions (online Zoom sessions) with a designated college or district staff representative during the weeks of July 2 - July 22, 2018.

  • All existing college and district user accounts will be validated by an authorized CCCTC College Support Services technician during the Pilot Implementation process. Updates will be made during the support session to ensure only valid users will have accounts moving forward. 

  • The purpose of the Pilot Implementation and support session is to ensure that each college completes implementation tasks and user acceptance testing (UAT) to verify each user account is valid prior to production release. To schedule your Pilot Implementation session, please contact CCCTC College Support Services today! 

TAKE-AWAY NOTE:  Just like in Admin 1.0, all users must have a User account before they can be authenticated into the CCC Administrator. In the first release, all existing Admin 1.0 users will be migrated over to the new system. Their Admin 1.0 roles have been converted to the equivalent role in the new 2.0.  

Development of the spam filter web service and user interface began in early 2017 to assist colleges in making accurate and informed decisions on whether an application is fraud or not.  The tool consists of three main components: the post-submission web service, the machine-learning model and prediction service, and the user interface to review and confirm identified fraud. 

This page talks about the Spam Filter User Interface project, what it includes, and how it operates.

Spam Filter Utility Interface

The Spam Filter utility allows college staff to manually process applications that are suspected to be fraud and removed from the submission pipeline before delivery to the college via the College Adapter (Superglue). The utility resides in the CCCApply Administrator for CCCApply Standard Applications only. 

As we learned above, every application that is submitted through CCCApply is analyzed by a machine learning model in the prediction service. If the prediction service believes that the application meets the criteria for fraud, it will update the fraud status field flag from "Pending" to "Checked Fraud", and the application is suspended temporarily in the Spam Filter utility to be processed by the college's Admissions & Records staff.

Applications that do not meet the criteria by the prediction service are flagged as “Checked Not Fraud" and released to the college for delivery.

Spam Filter Summary Table

Each application that is flagged "Checked Fraud" will display in the "Spam Filter" summary table in the CCCApply Administrator. Each application row has a checkbox which the user can select individually or in bulk. Once an application or set of applications is selected, two buttons will appear enabled above the summary table: "Confirm Spam" and "Mark as Valid". These give the college control over whether the application(s) are moved to the continuous training model to grow the machine learning algorithm or, for legitimate applications that have been flagged in error, are removed from the suspension folder and placed back in the post-submission pipeline to be delivered to the college.

  • Confirm Spam button:  The college should select this action to confirm that the application meets the criteria for fraud and should NOT be delivered to the college. 

  • Mark as Valid button: The college should select this action to remove the application from the spam suspension folder and push the application to be delivered to the college.

Spam Filter Workflow

The workflow process for the spam filter works like this:

  1. College staff log in to the CCCApply Administrator to monitor the spam filter utility activity.

  2. Suspended applications are reviewed and investigated by college staff.

  3. College staff make the final determination: Confirm as Spam or Mark as Fraud

  4. If the college determines it to be “Fraud” - then the fraud status flag is changed from Checked Fraud to Confirmed Fraud

  5. If the college determines it to be “Not Fraud” - then the fraud status flag is changed from Checked Not Fraud to Confirmed NOT Fraud

  6. A “Confirmed Fraud” flag calls the Spam Filter API to suspend application.

  7. Applications that are Confirmed Not Fraud are sent immediately to the college via the College Adapter (Superglue)

  8. All applications are examined by the ML model for continuous learning.

Spam Monitoring & Email Notifications

As part of the User Interface workflow process, service monitoring has been implemented to notify the college that one or more applications have been flagged as fraudulent and are sitting in the User Interface for their confirmation (processing). If even one application has been predicted to be fraud and moved to the suspension folder, the college will receive an email notification alert reminder.

To help colleges adapt to the new spam filter, monitoring has been implemented to alert the college by email if one or more submitted applications have been suspended in the Spam Filter (Summary Table). The two email messages are:

  • Daily Spam Alert Email:  Sends an email alert to the "Admissions Office Email" to notify the college that one or more applications have been suspended and need to be managed in the Spam Filter User Interface

  • Reminder Spam Alert Email: Sends an email alert to the "Admissions Office Email" to notify the college that one or more applications have been sitting in the suspension folder for 3 days or more.

This email alert is a reminder to the college that all applications suspended in the Spam Filter need to be "confirmed" by the college in order for the model to continue to grow and learn.  

IMPORTANT NOTE

Setting Up the Spam Email Notification Recipient

The Spam email notifications are sent out once per day if one or more applications are awaiting confirmation in the Spam Filter User Interface. Email notifications will be sent to the "Admissions Office Email" field in the "College Information" module in the CCCApply Administrator 2.0, which is accessible in the header from any application screen in the Administrator. Colleges should either update this important contact field with an appropriate email contact and address, to ensure the spam email notifications are sent to the Admissions Office staff member responsible for monitoring the spam filter, or add email "forwarding" from that email address to the most appropriate email contact.

It is the responsibility of each college to monitor incoming email notifications, as well as to process their suspension folder (User Interface) on a regular basis. Though the prediction service is calculating the probability ratings at a 98.99% accuracy rate, there is still a possibility that a legitimate application may get caught in the spam user interface, just like our own spam email filters.

College participation in the fight to prevent and combat fraud is critical to the overall success of the campaign.

Spam Filter Pilot 

  • Top 4 colleges attacked by fraud
  • Data used in deep dive analysis
  • Identified trends for the model
  • Provide insight on motivation
  • Submitting bad apps monthly
  • Participating in ongoing research


College Participation

Participation from ALL colleges is critical to success of model

  • Regular monitoring of spam filter
  • Making determination of fraud status
  • Support continuous learning of model

Understand the motivations of spammers


Out for financial gain

As a system, we can change how we think about cyber crime and fraudulent applications in a way that contributes positively to finding a solution, rather than shutting down the conversation out of fear.


Submitting Fraud Applications for Research

  • Must be in the required format
  • Send other info in a separate file.


Item: Confirmation # of suspected bad apps.
File Format:  TXT File
Naming Convention: CollegeMISCode_Fraud_mmddyy.txt

Confirmation numbers ONLY

One (1) confirmation number per line in .txt file
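
An intake check for the submission format above, as an added example (not CCCTC's code). The character sets accepted for an MIS code and for a confirmation number are assumptions, since the page does not define them, and the sample values are constructed.

```python
import re
from datetime import datetime

# CollegeMISCode_Fraud_mmddyy.txt, as given on the page. The characters
# allowed in an MIS code are an assumption.
FILENAME_RE = re.compile(r"(?P<mis>[A-Za-z0-9]+)_Fraud_(?P<date>[0-9]{6})\.txt")

# The page does not give the confirmation-number format; a single token of
# letters, digits and hyphens is assumed here.
CONFIRMATION_RE = re.compile(r"[A-Za-z0-9-]{1,40}")


def validate_submission(filename, text, submitting_mis):
    """Return (confirmation_numbers, errors) for one uploaded file."""
    errors = []
    m = FILENAME_RE.fullmatch(filename)
    if m is None:
        errors.append("filename does not match CollegeMISCode_Fraud_mmddyy.txt")
    else:
        if m.group("mis") != submitting_mis:
            errors.append("MIS code in filename is not the submitting college's")
        try:
            datetime.strptime(m.group("date"), "%m%d%y")
        except ValueError:
            errors.append("mmddyy in filename is not a calendar date")

    numbers, seen = [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines carry no data
        if CONFIRMATION_RE.fullmatch(line) is None:
            # "Confirmation numbers ONLY": anything else on the line (names,
            # email addresses, extra columns) is rejected. Only the position is
            # reported, because the rejected line may hold student data.
            errors.append(f"line {lineno}: not a single confirmation number")
            continue
        if line in seen:
            errors.append(f"line {lineno}: duplicate confirmation number")
            continue
        seen.add(line)
        numbers.append(line)
    if not numbers and not errors:
        errors.append("file contains no confirmation numbers")
    return numbers, errors


if __name__ == "__main__":
    # Constructed sample input; "999" is a placeholder MIS code.
    good = "CONSTRUCTED-1001\nCONSTRUCTED-1002\n"
    bad = "CONSTRUCTED-1001\nCONSTRUCTED-1002, jane@example.edu\nCONSTRUCTED-1001\n"
    print(validate_submission("999_Fraud_061518.txt", good, "999"))
    print(validate_submission("999_Fraud_133118.txt", bad, "999"))
```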


Best Practices

  • Review onboarding processes and auto-response emails
  • Educate staff to identify fraud patterns & trends
  • Ensure applicants are legitimate students before issuing .edu email addresses
  • Remove ways for spammers to get into our system


Under-development

  • Final phase of web service API and prediction service
  • User interface integration into Administrator
  • CCCApply Administrator system upgrade
  • Enhancing Download Client for fraud status flag


Future Enhancements

  • Email notifications to colleges to monitor filter
  • Filter interface adjustments

Of the several million applications submitted through CCCApply each year, the vast majority of them are valid - submitted by legitimate applicants who want to attend a California community college. These applications contain personal identifiable data and other critical information that needs to get to the college as quickly and safely as possible. However, for the percentage of applications that are bad and that are submitted through CCCApply for nefarious purposes with the intent to commit fraud, we've developed a system that will analyze, flag, suspend, and ultimately, block the fraud attempt through a spam filter web service and user interface.

Development of the spam filter web service and user interface began in early 2017 to assist colleges in making accurate and informed decisions on whether an application is fraud or not.  The tool consists of three main components: the post-submission web service, the machine-learning model and prediction service, and the user interface to review and confirm identified fraud. 

This page talks about the development project, what it includes, and how it operates.

Post-Submission Web Service Process

At the end of the CCCApply application process, after all the application data has been entered by the student and the applicant has confirmed - under penalty of perjury - that the data being submitted is valid and correct, the "Submit" button is clicked to push the application data to the college that the applicant is applying to. Everything that happens after that point is considered the post-submission process and is the point at which the application is routed to the college via the Download Client or through the College Adapter (SuperGlue) for real-time integration with the college student information system. 

With the development of the Spam Filter Web Service, every application is intercepted after submission and routed to the spam filter machine learning model and prediction service to see if the data meets the criteria that constitutes it as spam or fraud.

The applications that are legitimate and do not meet the criteria for spam are quickly passed through to the college via their selected data delivery method.

For the applications that are frauds, however, the model extracts the data and looks for "identifiers" which are then fed into the machine learning algorithm for full analysis. The prediction service then calculates a probability of how confident it is that the application is bad; in other words it "suggests a level of confidence" between 1 and 100. The closer the number is to 100, the more likely it is fraudulent. This is called the Confidence Threshold.

At the heart of the web service is the machine learning, continuous training model that does NOT make any decisions; it just predicts whether an application meets the "identifiers" that have been collected by the model based on thousands of applications already confirmed as fraud by the colleges.

Read more about the Machine Learning Model and Prediction Service here.

Workflow Process

The post-submission workflow looks like this: 

  1. Application is submitted to CCCApply

  2. Application is stored with a fraud status flag set to PENDING

  3. Application is posted to the prediction service where model is applied

  4. Prediction service returns the probability rating that the application is fraudulent or not.

  5. Based on the probability rating, the fraud status flag is updated with “Checked Fraud” or “Not Checked Fraud”

  6. Applications set with “Checked Fraud” are sent to the Suspension folder (User Interface) awaiting confirmation by college staff

  7. College staff confirm fraud labels via User Interface

  8. Application fraud label confirmation trains the machine learning model

  9. Model is refined over time to better identify and filter fraudulent applications

Post-submission Development

Download client:
The major change to the download client is that applications will not be available to download unless they have a fraud_status of either  LEGACY, NOT_CHECKED, CONFIRMED_NOT_FRAUD or CHECKED_NOT_FRAUD.

Export for training:
The Apply team will develop a new tool that can be used to export applications.  This tool will dump applications into a CSV file, PGP encrypt the file and copy it to an S3 bucket for Infiniti.   The file will contain application data and the fraud status for each application. Infiniti will use this file to perform ongoing training of their prediction model.
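
The fraud status lifecycle from the two workflows and the download client rule above, sketched as an added example (not the Apply team's code). The actor names and the threshold value are hypothetical, the PENDING, CHECKED_FRAUD and CONFIRMED_FRAUD spellings are assumed by analogy with the four values the page lists, and "Mark as Valid" is assumed to move a Checked Fraud application to Confirmed Not Fraud.

```python
from dataclasses import dataclass, field
from enum import Enum


class FraudStatus(Enum):
    # LEGACY, NOT_CHECKED, CHECKED_NOT_FRAUD and CONFIRMED_NOT_FRAUD are the
    # fraud_status values the page lists; the other three spellings are
    # assumed from the page's "Pending", "Checked Fraud", "Confirmed Fraud".
    LEGACY = "LEGACY"
    NOT_CHECKED = "NOT_CHECKED"
    PENDING = "PENDING"
    CHECKED_FRAUD = "CHECKED_FRAUD"
    CHECKED_NOT_FRAUD = "CHECKED_NOT_FRAUD"
    CONFIRMED_FRAUD = "CONFIRMED_FRAUD"
    CONFIRMED_NOT_FRAUD = "CONFIRMED_NOT_FRAUD"


# Allow-list from the download client rule: anything else is withheld.
DOWNLOADABLE = frozenset({
    FraudStatus.LEGACY, FraudStatus.NOT_CHECKED,
    FraudStatus.CONFIRMED_NOT_FRAUD, FraudStatus.CHECKED_NOT_FRAUD,
})

# (current status, actor) -> statuses that actor may set next.
# Actor names are hypothetical labels for this sketch.
TRANSITIONS = {
    (FraudStatus.PENDING, "prediction_service"):
        {FraudStatus.CHECKED_FRAUD, FraudStatus.CHECKED_NOT_FRAUD},
    (FraudStatus.CHECKED_FRAUD, "college_staff"):
        {FraudStatus.CONFIRMED_FRAUD, FraudStatus.CONFIRMED_NOT_FRAUD},
}

ASSUMED_THRESHOLD = 90  # placeholder; the page does not state the real value


class IllegalTransition(Exception):
    pass


@dataclass
class Application:
    confirmation_number: str
    status: FraudStatus = FraudStatus.PENDING
    history: list = field(default_factory=list)  # audit trail of changes

    def set_status(self, new_status, actor):
        allowed = TRANSITIONS.get((self.status, actor), set())
        if new_status not in allowed:
            raise IllegalTransition(
                f"{actor} may not move {self.status.name} to {new_status.name}")
        self.history.append((self.status, new_status, actor))
        self.status = new_status


def apply_prediction(app, score, threshold=ASSUMED_THRESHOLD):
    """Record the prediction service's result (a 1-100 confidence rating)."""
    if isinstance(score, bool) or not isinstance(score, (int, float)) \
            or not 1 <= score <= 100:
        # A malformed rating leaves the application PENDING, which the
        # allow-list above does not release.
        raise ValueError("score must be a number from 1 to 100")
    new_status = (FraudStatus.CHECKED_FRAUD if score >= threshold
                  else FraudStatus.CHECKED_NOT_FRAUD)
    app.set_status(new_status, "prediction_service")
    return new_status


def is_downloadable(raw_status):
    """Download gate over the stored string; unknown values fail closed."""
    try:
        return FraudStatus(raw_status) in DOWNLOADABLE
    except ValueError:
        return False


def training_label(app):
    """Only a college's confirmation yields a label (1 = fraud, 0 = valid)."""
    return {FraudStatus.CONFIRMED_FRAUD: 1,
            FraudStatus.CONFIRMED_NOT_FRAUD: 0}.get(app.status)


if __name__ == "__main__":
    app = Application("CONSTRUCTED-0001")  # constructed sample record
    apply_prediction(app, 97)
    print(app.status.name, is_downloadable(app.status.value))
    app.set_status(FraudStatus.CONFIRMED_NOT_FRAUD, "college_staff")  # Mark as Valid
    print(app.status.name, is_downloadable(app.status.value), training_label(app))
```

Keeping the gate as an allow-list means a status added later, or a record whose rating never arrived, is withheld until someone decides otherwise.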

Spam Filter Web Service

The purpose of the Spam Filter Web Service is to assist colleges in making accurate and informed decisions on whether an application coming in through CCCApply is fraudulent or not. At the heart of the web service is a machine learning model that does NOT make decisions; it just predicts whether an application meets specific "identifiers" that have been collected and analyzed by the model based on thousands of confirmed spam applications submitted by the colleges.

The User Interface tool gives the colleges the ability to review each application flagged as fraud and then make the final decision on whether they should be confirmed as fraud or not. The continuous learning and retraining of the model is based on the final confirmation by the college.



Message to Colleges

Even if your college is not having a problem with fraud today, there's a chance you may have a problem in the future. The spam filter web service will give you the tools and knowledge to address fraud now and in the future. 

Soon after the first wave of fraud applications was identified in June 2016, the CCC Technology Center took immediate steps to strengthen the security of the CCCApply system and protect our students' personal identifiable data (read more about all the ways we are addressing fraud in CCCApply). Meanwhile, we contracted with a machine learning data research team to perform data analysis on several thousand fraud application examples that were collected from the colleges that initially reported the spam.


Research Objectives

The objectives for the research project were simple:

  • Understand why we are seeing an influx of fraudulent applications across the CCC system
  • Understand the motivations behind these fraudulent attacks
  • Identify trends, commonalities and patterns in the data
  • Identify the tools and techniques being used by spammers
  • What can CCCApply do to prevent fraud now and in the future?
  • What can the colleges do to prevent fraud now and in the future?

Additional objectives were added based on the recommendations and outcomes of the research, including commencing a small pilot of four colleges to get feedback and understand their workflow processes, as well as develop a process for collecting data throughout the design and development phase of the project. 

Data Analysis

Based on what they learned in the initial review, the research team conducted a multi-part data analysis of all submitted applications (without using any student personal information). In the first review the focus was on one college that provided a large number of bad applications between June 1, 2016 - August 15, 2017.  The second review looked at all other colleges who provided examples of bad applications in the same time period; and the third pull looked at all remaining submitted application data. It was important to compare the bad applications to good applications in order to start detecting trends and patterns in the fraudulent "formula".  After reviewing all three data pulls, even without including personal identifiable information, we learned a great deal.

The majority of bad applications identified were submitted in under 3 minutes, with the majority of those being submitted in under 2.5 minutes. That information alone told us that robots are likely involved, submitting applications quickly using keyboard strokes. 

Of the applications identified as frauds, other patterns were prevalent:

  • Time to completion:  2.25 minutes (average)
  • Permanent Address State: NOT California
  • Current Mailing Address State:  NOT California
  • Gender: Male
  • Race: White
  • HS Ed Level:  No high school completion
  • Interest in Financial Aid:  NO

However, the most important thing we learned was that it is very hard to identify "patterns". As soon as one pattern was identified, the spammers would mix it up and employ a new pattern. The only pattern we could be sure of is that there is no one pattern; these attackers are very skilled at adapting to change.  

Motivations for Fraudulent Activity

One of the burning questions we had going into the research study was, why? What is the motivation behind these attacks?  Clearly the cyber criminals behind this fraud campaign are highly organized and unyieldingly dedicated. What are they getting out of this? The answer is financial gain. 

Of the 24 colleges that were surveyed by the Tech Center who had reported large numbers of fraud, 23 of them indicated that they give away something for free at the time of application; in most cases they are auto-responding to applicants with .edu email addresses and/or free software licenses such as Office 365 or, in some cases, credentials that would get the student into their student information system. Among the colleges that indicated they were giving away .edu addresses, many of them admitted they were doing so before the student was actually enrolled in classes. 

Cyber criminals appear to be targeting the colleges that are giving away something for free at the time of application, such as .edu email addresses, free software licenses, and - in some cases - information that gets the applicant into their student information system.

The CCCTC Information Security office has been investigating these reports and has confirmed the sale of .edu email addresses on various online sites, such as eBay and Craigslist. Among other uses, it appears the spammers are using the .edu email addresses to:
  • seek discounts on technology hardware and software 
  • apply for financial aid
  • apply for student loans
  • prove U.S. and California residency
  • obtain false identification

Recommendations

By identifying commonalities across all the fraud applications reported by colleges - such as volume, average submission time, patterns in the submitted data, and user profiling - and by comparing that information to non-fraud applications over the same time period, the research team was able to make some recommendations, from short-term technical fixes to long-term development solutions, that we began implementing immediately.

The recommendations included:

  • Additional security enhancements to the firewall
  • Implementing blocks on Tor and other known bad actors and IP addresses
  • Several stop-gap configuration changes to the CCCApply pre-submission process that would temporarily thwart spammers in progress
  • Start working with a few colleges that are getting spammed heavily to understand motivations and trends
  • Develop a post-submissions web service based on a machine learning model that would filter spam before it reaches the colleges

These recommendations were all approved as part of an overall enhanced security strategy for 2018-2019. 


Spam Pilot Project

One of the recommendations from the research study was to organize a small pilot of colleges that can work with our support engineers and provide feedback throughout the research and development efforts. The pilot colleges will also collaborate on best practices and other workflow changes that can be shared back with the other colleges.

Development Project

One of the recommendations from the research was to develop a spam filter web service that would prevent these bad applications from getting back to the colleges through their download system, keeping bad data from reaching the colleges, and that would continuously re-train the prediction service model.


After the initial review, the data analysts recommended developing a spam filter service using a continuous learning/training model - based on a custom algorithm that will get smarter each time an application is flagged as "spam". This filter service is being built for the CCCApply Standard application, with a back-end user interface that will be accessible in the new CCCApply Administrator (deploying in June).
Both the spam filter service and the admin interface are under development now - with an expected release date of June 2018. This is a huge project and will require the cooperation and participation of all colleges - not just the colleges being targeted with spam - in order to "train" the algorithm with accurate data - both good, legitimate applications as well as the bad, fraudulent applications.

Spam Filter Web Service 

One of the outcomes of the research study was the recommendation to develop a spam filter web service that would prevent these bad applications from getting back to the colleges through their download system, keeping bad data from reaching the colleges, and that would continuously re-train the prediction service model.

Meanwhile, we continue to work with the machine learning team and several colleges in a pilot project to build and train the algorithm with any bad applications submitted by colleges. The email tomorrow will also specify how colleges can submit their fraud applications to the Tech Center for this purpose (we need them formatted in a specific way and need to ensure colleges know not to include any student personal identity information).

We are also working with the CCCApply Steering Committee to better understand the motivations of these spammers. What are they after? 



First Sign of Fraud

In June 2016, CCCTC Support Services received its first report of fraudulent activity from Bill Mulrooney, Director of Admissions at El Camino College, identifying what appeared to be a large number of fake CCCApply applications submitted through a Russian email provider service, Mail.ru. According to Mr. Mulrooney, he spotted the suspicious apps while searching for a specific applicant in the Report Center by street address, and noticed multiple instances of matching characteristics within the same submit date, including matching street address, date of birth, and email address - all of which came from the "mail.ru" provider.

He also brought the issue to the CCCApply Steering Committee and issued a formal request to Tech Center to investigate.  
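The same-day matching that surfaced this first report (shared street address, date of birth, and email provider) can be run automatically over a day's applications. The following is an added example, not CCCTC code; the field names, thresholds, and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not real applicant data). Field names are
# assumptions for this example, not the CCCApply download-file schema.
SAMPLE_APPS = [
    {"id": "A1", "submit_date": "2016-06-01", "street": "12 Elm St.", "dob": "1990-01-01", "email": "u1@mail.ru"},
    {"id": "A2", "submit_date": "2016-06-01", "street": "12 elm st", "dob": "1990-01-01", "email": "u2@mail.ru"},
    {"id": "A3", "submit_date": "2016-06-01", "street": "12  ELM ST", "dob": "1990-01-01", "email": "u3@MAIL.RU"},
    {"id": "A4", "submit_date": "2016-06-01", "street": "9 Oak Ave", "dob": "1988-03-04", "email": "u4@mail.ru"},
    {"id": "A5", "submit_date": "2016-06-02", "street": "12 Elm St.", "dob": "1990-01-01", "email": "u5@mail.ru"},
    {"id": "A6", "submit_date": "2016-06-01", "street": "1 Pine Rd", "dob": "1999-05-06", "email": "a@example.com"},
    {"id": "A7", "submit_date": "2016-06-01", "street": "2 Birch Ln", "dob": "2000-07-08", "email": "b@example.com"},
    {"id": "A8", "submit_date": "2016-06-01", "street": "3 Cedar Ct", "dob": "1997-09-10", "email": "c@example.com"},
]

def norm_street(street):
    """Lower-case, drop punctuation, collapse spaces so trivial edits still match."""
    cleaned = "".join(c if c.isalnum() or c.isspace() else " " for c in street.lower())
    return " ".join(cleaned.split())

def email_domain(email):
    return email.rsplit("@", 1)[-1].strip().lower()

def find_duplicate_clusters(apps, min_size=3):
    """Return sorted (submit_date, field, value, ids) for every same-day group
    of at least min_size applications sharing one characteristic."""
    groups = defaultdict(list)
    for app in apps:
        keys = {
            "street": norm_street(app["street"]),
            "dob": app["dob"],
            "email_domain": email_domain(app["email"]),
        }
        for field, value in keys.items():
            groups[(app["submit_date"], field, value)].append(app["id"])
    return sorted((d, f, v, ids) for (d, f, v), ids in groups.items()
                  if len(ids) >= min_size)

def flag_for_review(apps, min_size=3, min_signals=2):
    """Flag an application only if it clusters on min_signals different fields;
    a popular email provider alone is too weak a signal."""
    signals = defaultdict(set)
    for _day, field, _value, ids in find_duplicate_clusters(apps, min_size):
        for app_id in ids:
            signals[app_id].add(field)
    return sorted(a for a, fields in signals.items() if len(fields) >= min_signals)

if __name__ == "__main__":
    print(flag_for_review(SAMPLE_APPS))
```

Requiring agreement on more than one field keeps a legitimate burst from a common email provider out of the review queue, and the output is a list for staff review, not an automatic rejection.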


By the end of 2016, the number of colleges reporting large amounts of suspicious applications coming in through CCCApply had escalated. In a few cases, colleges reported receiving as many as 10,000 or more fake apps in a single day. By this point, the characteristics used to identify fraud applications had expanded considerably, and we began seeing many different international service providers and other known bad actors. Fraud applications were being submitted from inside the U.S., but the majority were coming from outside the U.S. Most were from outside of California.

The Tech Center, with full support from the CCCApply Steering Committee, immediately responded by implementing a series of security measures, including:

  • Increased firewall protections across our local and AWS servers (Amazon Web Services)
  • Blocked Tor and other known bad actor IP addresses
  • Implemented a series of stop-gap fixes to temporarily block applications from being submitted and reaching the college
  • Contracted with a machine learning data analytics company to commence a research study
  • Set up a pilot project with the four top colleges getting spammed
  • Continuous learning for improvements
  • Working with CCCTC Marketing & Communication team 

Consequences of Spam

The costs associated with these fraud applications are largely hidden at this point, but they are real nonetheless. We've learned they consist mainly of the time staff spend sorting through the legitimate applications to identify the fraud data and keep it out of their student information systems.

This activity of submitting a CCCApply application - for any purpose other than applying for admission to a California Community College - is unauthorized use of a system to process or store data.

However, spam is more than just annoying. It can be dangerous – especially if it's part of a phishing scam in order to obtain passwords, social security numbers, and other personal information, or used to convince an end-user to reveal sensitive information about themselves or internal computer systems.

In addition to being a security risk, spam applications can waste valuable business resources and server space storing and managing them until they are deleted. Along with spam email, surveys, and/or any other unsolicited digital attempt to enter our system, cyber criminals could be using these admission applications to convince end-users (colleges, staff) to reveal sensitive information about themselves or internal computer systems. When a college sends an email to a spammer asking for other information, it may allow an attacker targeting our colleges to gain valuable intelligence prior to launching another type of attack.

Over the past 18 months, the CCCApply development team has been working with a machine learning data research and analysis team to better understand the increasing number of spam/fraudulent applications coming in through CCCApply and ultimately build a spam filter service that will identify, flag, and suspend bad applications before they get to the college's download file. The filter will include an admin user-interface, similar to an email application spam filter system, where college admins can specify and process the flagged bad applications from the legitimate ones, thus training the backend algorithm each time an application is processed.

Motivations for Committing Fraud

  • Primary motivation:  Financial Gain
  • Seeking .edu addresses to resell and get benefits
  • Getting free software licenses:  Office 365
  • Getting confirmations of residency
  • Using residency to get California IDs
  • Potential for serious security attacks