Date & Time: Tuesday, December 9, 2019 3:00PM
Zoom Recording: CCCApply Spam Filter User Group Meeting - Dec 9, 2019
Next meeting: Monday, January 20, 2020 at 3:00 pm
Colleges continue to be victims of a wide-scale, ongoing cyber attack from multiple bad actors who are committing identity theft and illegal fraud by submitting fake applications for admission through CCCApply.
The underlying purposes of these attacks includes access to free .edu email addresses, free software and technology discounts and benefits afforded to students, and legitimacy of identity information for residency and financial aid benefits.
Unfortunately, Colleges are unwittingly contributing to these illegal acts by continuing to provide the incentives these criminals are seeking. (This is, unfortunately, adding hardship to our colleges and our system overall.)
Some Colleges are still unaware of the reasons behind these Identity attacks and/or are seeking confirmation from the Chancellor's Office to enact procedural changes in their onboard process.
The CCCApply spam filter service was implemented in September 2018 and continues to evolve.
The Tech Center needs feedback and support from the colleges to:
SEE THE SPAM FILTER FAQ - Fall 2019
Our goal for the CCCApply Spam Filter Web Service is to implement continuous improvement and enhancement to build a model that is continuously retraining itself on a cadence that is sustainable for our colleges.
A CCCApply Spam Filter User Group was formed and colleges are invited to participate
Next meeting: Monday, January 27, 2020 at 3:00 pm.
Help us to better understand fraud coming in at your college. Please complete the survey
Speakers: Machine-Learning Data Analysts: Harsha Gopianandan, Ananth Gopalakrishnan
Despite spikes in spam over the six weeks or so, the performance of the spam filter service is netting a 95-98% accuracy. Below are the stats from Nov 23 - 27, 2019.
November 23 - 27
Total applications: 19,943
True Positive 938
True Negative 18,965
False Positive 13
False Negative 22
Accuracy 99.7994283709 %
Precision 98.6330178759 %
Recall 97.7083333333 %
Notes from Nov 12 meeting:
Harsha Gopianandan from the Spam Filter Machine Learning team explained about false positives and false negatives and why we are seeing both across the system.
He explained how the model works and encouraged colleges to keep tagging diligently so that model can learn from all new signatures.
Getting ready to update the model again with the Model with PII (December 2019).
We talked about sending false negatives to the Tech Center and we will bulk tag them and upload to the model, so the model can benefit from the identified false negatives
Update the model every 2-3 weeks.
Update with the latest data.
Update the model with new features.
*Note: Derived data from PII data is used.
Taking that info and transforming it in a way that is useful to the model.
Name + DOB
If your college is seeing blocks of false negatives (fraud applications that were NOT caught and suspended by the spam filter)...we can help you tag them so that all colleges benefit from those signatures,
Please send quantities of 20 or more to Support Services using the instructions below.
SPAM Drop File Information
Please provide bulk fraudulent applications in the format specified below:
We ask that all colleges follow the file format above. If you would like to include any information other than confirmation #, please provide that information in a separate file.
For other assistance, please contact:
Merrie Wales firstname.lastname@example.org
Patty Donohue email@example.com
Colleges want specific email address domains blocked. Patty will confirm that this can be done using an Error Message Rule in the Administrator by the college.
We currently block (new) IP Regions if they appear to be used in fraud signatures
Mitch from Santa Rosa College says they no longer give out .edu addresses until the student is fully matriculated and registered for classes or paid
Spammers are committing IDENTITY THEFT - stealing real personal identifiable information for seeking financial aid (fraud).
Becky from Shasta - built in a process to get a report to review apps quickly (includes IP Address in report) - internal
San Bernardino Valley & Crafton Hills College has implemented - GMail account is restricted until after they register - originally set up to email staff and other students, but found they are phishing other students, so they no longer allow them to email other students. (look into Gmail registration settings - different set of policies) - and this cut their spam in half.
Question asked if we could do model updates more frequently than 2-3 weeks - we would like to and will see what's possible. We
Address Validation > Why are we allowing students to bypass the CASS address validation? This could be looked at - spammers are putting in bad addresses.
What are spammers going for?
Spammers are specifically going for the FREE Google Drive storage