Page Comparison

...

In addition to the steps we've taken Soon after the first wave of fraudulent applications were identified back in June 2016, CCCApply immediately took steps to strengthen the security of our CCCApply system , including additional firewall protections, blocking TOR and other known bad actors, and implementing pre-submission configuration changes that would prevent probable fraud applications from being submitted if they meet certain criteria, after the first wave of fraud was reported in late 2016, CCCApply and protect our students' personal identifiable data (see all the Ways we are addressing the fraud issue). In addition we contracted with a machine learning data research team to conduct an extensive research perform analysis on the several thousand examples of fraud applications that we collected from the colleges who reported the spam. The research team initiated their review with the following objectives:  To compile the data and do exploratory data analysis To identify trends Our objectives for the study were simple: In order to understand why we were seeing an influx of fraud, and to better understand trends and commonalities in the data being submitted through these applications, the machine learning data team collected and analyzed several thousand examples submitted by the colleges reporting the spam. Understand why we are seeing an influx of fraudulent applications across the CCC system Understand the motivations behind these fraudulent attacks Identify trends, commonalities and patterns in the incoming data To identify data Identify the tools and techniques being used by spammers To better understand the motivations by spammers Early Research What can CCCApply do to prevent fraud now and in the future? What can the colleges do to prevent fraud now and in the future?

Image Added

Data Analysis

Based on that initial review, we initiated a multi-part data analysis (without using any student personal information). In the first data review, we focused on one college that provided a large number of bad applications between June 1, 2016 - August 15, 2017; the second analysis looked at all other colleges who provided examples of bad applications in the same time frame; and the third pull looked at all remaining colleges and submitted application data. It was important to compare the bad applications to good applications in order to start detecting trends and patterns in the fraudulent "formula".

After reviewing all three data pulls, even without including personal identifiable information, we learned a great deal.

The majority of bad applications identified were submitted in under 3 minutes, with the majority of those being submitted in under 2.5 minutes. This information alone told us that robots are likely submitting applications using keyboard strokes;

Of the applications identified as frauds, other patterns were prevalent:

• Time to completion:  2.25 minutes (average)
• Permanent Address State: NOT California
• Current Mailing Address State:  NOT California
• Gender: Male
• Race: White
• HS Ed Level:  No high school completion
• Interest in Financial Aid:  NO

Research

...

Outcomes

By identifying characteristics common in the fake applications collected by colleges, such as volume, average submission time, patterns in the submitted data, and user profiling - and comparing that information to non-fraud applications, we are able to take steps to prevent this threat through enhanced security, short-term stop gap fixes as needed, and the development of a spam filter web service. These aren't the only solutions, but as we continue to better understand the motivations behind these attacks, these can be used as part of an overall enhanced security strategy.

...

Image Removed

...