First Sign of Fraud
In June 2016, CCCTC Support Services received its first report of fraudulent activity from Bill Mulrooney, Director of Admissions at El Camino College, who identified what appeared to be a large number of fake CCCApply applications submitted through a Russian email provider, Mail.ru. According to Mr. Mulrooney, the suspicious applications were spotted while he was searching the Report Center for a specific applicant by street address. He noticed multiple instances of matching characteristics within the same submit date, including matching street address, date of birth, and email address, all of which came from the "mail.ru" provider.
He also brought the issue to the CCCApply Steering Committee and issued a formal request to the Tech Center to investigate.
By the end of 2016, the number of colleges reporting large amounts of suspicious applications coming in through CCCApply had escalated. In a few cases, colleges reported receiving as many as 10,000 or more fake apps in a single day. By this point, the characteristics used to identify fraud applications had expanded considerably, and we began seeing many different international service providers and other known bad actors. Fraud applications were being submitted from inside the U.S., but the majority were coming from outside the U.S. Most were from outside of California.
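The pattern in the first report (applications submitted on the same date that share street address, date of birth, and email address) can be checked mechanically. The following is an added example, not CCCApply or Tech Center code: the record fields, the sample data, the "two of three attributes" linking rule, and the cluster-size threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample records; field names are assumed, not the CCCApply schema.
SAMPLE_APPS = [
    {"id": "A1", "submitted": "2016-06-01", "street": "123 Main Street", "dob": "1990-01-01", "email": "a@mail.example"},
    {"id": "A2", "submitted": "2016-06-01", "street": "123 main st.", "dob": "1990-01-01", "email": "b@mail.example"},
    {"id": "A3", "submitted": "2016-06-01", "street": "123 Main St", "dob": "1985-05-05", "email": "B@mail.example"},
    {"id": "A4", "submitted": "2016-06-01", "street": "9 Oak Ave", "dob": "1990-01-01", "email": "c@school.example"},
    {"id": "A5", "submitted": "2016-06-02", "street": "123 Main St", "dob": "1990-01-01", "email": "a@mail.example"},
]
FIELDS = ("street", "dob", "email")

def normalize(field, value):
    """Fold case, punctuation and spacing so trivial variations still match."""
    value = value.strip().lower()
    if field == "street":
        value = re.sub(r"[^a-z0-9 ]", "", value)
        value = re.sub(r"\s+", " ", value)
        value = re.sub(r"\bstreet\b", "st", value)
    return value

def find_clusters(apps, min_size=3):
    """Link same-day applications sharing any two of the three attributes,
    then return the linked groups with at least min_size members."""
    parent = {a["id"]: a["id"] for a in apps}

    def find(x):  # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    buckets = defaultdict(list)
    for a in apps:
        for f1, f2 in combinations(FIELDS, 2):
            key = (a["submitted"], f1, normalize(f1, a[f1]), f2, normalize(f2, a[f2]))
            buckets[key].append(a["id"])
    for ids in buckets.values():
        for other in ids[1:]:
            parent[find(other)] = find(ids[0])

    groups = defaultdict(list)
    for a in apps:
        groups[find(a["id"])].append(a["id"])
    return sorted(sorted(g) for g in groups.values() if len(g) >= min_size)

if __name__ == "__main__":
    print(find_clusters(SAMPLE_APPS))
```

Linking is transitive, so A3 joins the cluster through A2 even though it shares only one attribute with A1; a single shared attribute (A4) or a different submit date (A5) does not link an application.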
The Tech Center, with full support from the CCCApply Steering Committee, immediately responded by implementing a series of security measures, including:
- Increased firewall protections across our local and AWS (Amazon Web Services) servers
- Blocked Tor and other known bad actor IP addresses
- Implemented a series of stop-gap fixes to temporarily block applications from being submitted and reaching the college
- Contracted with a machine learning data analytics company to commence a research study
- Set up a pilot project with the four top colleges getting spammed
- Continuous learning for improvements
- Working with CCCTC Marketing & Communication team
Consequences of Spam
The costs associated with these fraud applications are largely hidden at this point, but they are real nonetheless. We've learned they consist mainly of the time staff spend sorting through the legitimate applications to identify the fraud data and keeping it from their student information systems.
This activity of submitting a CCCApply application - for any purpose other than applying for admission to a California Community College - is unauthorized use of a system to process or store data.
However, spam is more than just annoying. It can be dangerous – especially if it's part of a phishing scam in order to obtain passwords, social security numbers, and other personal information, or used to convince an end-user to reveal sensitive information about themselves or internal computer systems.
In addition to being a security risk, spam applications can waste valuable business resources and server space storing and managing them until they are deleted. Along with spam email, surveys, and/or any other unsolicited digital attempt to enter our system, cyber criminals could be using these admission applications to convince end-users (colleges, staff) to reveal sensitive information about themselves or internal computer systems. A college sending an email to a spammer asking for other information may allow an attacker targeting our colleges to gain valuable intelligence prior to launching another type of attack.
Over the past 18 months, the CCCApply development team has been working with a machine learning data research and analysis team to better understand the increasing number of spam/fraudulent applications coming in through CCCApply and ultimately build a spam filter service that will identify, flag, and suspend bad applications before they get to the college's download file. The filter will include an admin user-interface, similar to an email application spam filter system, where college admins can specify and process the flagged bad applications from the legitimate ones, thus training the backend algorithm each time an application is processed.
Motivations for Committing Fraud
- Primary motivation: Financial Gain
- Seeking .edu addresses to resell and get benefits
- Getting free software licenses: Office 365
- Getting confirmations of residency
- Using residency to get California IDs
- Potential for serious security attacks