Bogus applications plaguing NC college campuses, pose security risk

Bogus applications plaguing NC college campuses, pose security risk

WILMINGTON, N.C. (WECT) - We’ve all heard stories about scam artists targeting consumers on the internet. Now, community colleges appear to be in the crosshairs of online scammers. The North Carolina community college system has discovered hundreds of bogus electronic applications mixed in with legitimate ones, and as they try to sort them out, they are also trying to figure out why they are being targeted.

It appears that many of these bogus applications are not coming from real people, but bad actors in other countries making up fake identities. They are using those fake names to pose as college applicants, hoping to be issued a student email account. While most four-year institutions don’t give students an email account until they’ve started school, many state community colleges issue applicants an email address as soon as they apply.

“Our colleges have a business desire to provide prospective students with branded “.edu” email accounts early in the application process for ease of communications and engagement….,” North Carolina Community College System’s Brian Long told WECT. “[D]isreputable parties are submitting fraudulent applications primarily for the purpose of obtaining .edu email addresses, which they then sell.”

These email addresses are valuable because student discounts are widely offered by retailers ranging from Amazon, to computer software companies, to cellular providers. People attempting to fraudulently obtain federal student tax breaks from the Internal Revenue Service may also benefit from a student email address.

But the North Carolina Attorney General fears that getting discounts with their educational email account may not be the fraudsters’ ultimate goal.

“What we are seeing in recent years is a dramatic uptick in security breaches, and in particular security breaches that arise from hacking, and phishing. Phishing is when they send a fake email. The person working there clicks on it, and then that lets the virus gets into the computer system…. These speared emails where they send in an application is just another way to get into the database,” Attorney General Josh Stein told WECT.

While they recognize the risk, local college officials wanted to make it clear that there has been no security breach at this point.

“I would say that our student systems and records are secure and not compromised in any way by this. I think the bigger issue is potentially taking up time of us trying to weed out who these folks are. And also stopping that from happening moving forward,” Cape Fear Community College Director of Admissions Jeremy Gibbons explained.

The number of bogus applications bogging down North Carolina community college campuses systems is easily in the hundreds, and is likely well into the thousands based on preliminary data shared with WECT by people familiar with the issue. They say some of the bogus applicants have been traced back to email accounts based in China, West Africa, and Eastern Europe.

Gibbons said for the upcoming fall semester, they’ve identified 30 out of approximately 5,000 student applications to CFCC that appear to be bogus. The community college system recently conducted a statewide survey attempting to quantify the scope of the bogus application problem across its campuses. It’s still waiting for data from many of the 58 colleges, but already knows of 15 schools that are affected, not including CFCC.

Gibbons said CFCC has traditionally issued email addresses early in the application process in an attempt to be inclusive, but the bogus application problem has CFCC and other colleges reconsidering that policy.

“Some colleges have taken steps to mitigate impacts by not automatically generating student email addresses when online applications are received. However, manually reviewing flagged applications prior to assigning email addresses requires more time and resources than smaller colleges may be able to invest,” Long told WECT.

For years, North Carolina has paid The College Foundation of North Carolina (CFNC) to process applications before sending them on to local colleges. Some employees at local campuses would like to see CFNC to handle the vetting process, screening out bogus applications before sending them to the colleges. However, CFNC’s contract with the state does not currently require them to do so.

“The contract with the State Education Assistance Authority/CFNC is to ‘administer the coordinated and centralized process for determining residency for tuition and State-funded financial aid purposes,’” Long explained. “The contract does not call for CFNC to vet the veracity of information provided in the application.”

When we asked CFNC about this issue, the non-profit organization acknowledged the problem and noted it is happening with schools that do not require an application fee. The State Community College System is currently working to find a solution.

“Although each community college is responsible for its cybersecurity, the System Office provides information and guidance on a wide variety of technical and security issues. We are in the process of creating a working group, consisting of information technology and student services staff from colleges and the System Office, to identify possible solutions to this issue,” Long added.

Copyright 2019 WECT. All rights reserved.