...
First Sign of FraudIn June 2016, CCCTC Support Services received it's first report of fraudulent activity from Bill Mulrooney, Director of Admissions at El Camino College, identifying, what appeared to be, a large number of fake CCCApply applications submitted through a Russian email provider service, Mail.ru. According to Mr. Mulrooney, the suspicious apps were spotted while searching for a specific applicant in the Report Center by street address - and noticed multiple instances of matching characteristics within the same submit date, including matching street address, Date of Birth, and email address - all of which came from the "mail.ru" provider. He also brought the issue to the CCCApply Steering Committee and issued a formal request to Tech Center to investigate.
|
By the end of 2016, the number of colleges reporting suspicious batches of fraud apps large amounts of suspicious applications coming in through CCCApply had escalated. In a few cases, colleges reported receiving as many as 10,000 or more fake apps in a single day. By this point, the characteristics used to identify fraud applications had expanded considerably, and we began seeing many different international service providers and other known bad actors. Fraud applications were being submitted from inside the U.S., but the majority are coming from outside the U.S. Most are from outside of California.
...
In addition to being a security risk, spam applications can waste valuable business resources and server space storing and managing them until they are deleted. Along with spam email, surveys, and/or any other unsolicited digital attempt to enter our system, cyber criminals could be using these admission applications to convince end-users (colleges, staff) to reveal sensitive information about themselves or internal computer systems. When a college sends an email to a spammer asking for other information - may allow an attacker targeting our colleges to gain valuable intelligence prior to launching another type of attack.
...
...
Up Next: Ways We Are Addressing Fraud in CCCApply
Over the past 18 months, the CCCApply development team has been working with a machine learning data research and analysis team to better understand the increasing number of spam/fraudulent applications coming in through CCCApply and ultimately build a spam filter service that will identify, flag, and suspend bad applications before they get to the college's download file. The filter will include an admin user-interface, similar to an email application spam filter system, where college admins can specify and process the flagged bad applications from the legitimate ones, thus training the backend algorithm each time an application is processed.
...
Motivations for Committing Fraud
- Primary motivation: Financial Gain
- Seeking .edu addresses to resell and get benefits
- Getting free software licenses: Office 365
- Getting confirmations of residency
- Using residency to get California IDs
- Potential for serious security attacks