Guy Tytunovich checka leader in market-to-market security.
Higher education is in a state of dramatic transition. Since the outbreak of the Covid-19 pandemic, universities have had to move to online or hybrid learning models, build processes and infrastructure to support online teaching, and adapt quickly to the challenges posed by the virus.
For many students, this change has been a boon, expanding access to educational institutions previously out of reach due to time and space constraints. But another group has also benefited. It’s bots and scammers trying to take advantage of the university.
As the higher education industry becomes more dependent on technology, it is also becoming more vulnerable to fraud. The simultaneous increase in online enrollment and reduction in physical interaction requirements means that bots impersonating real students can deceive universities and damage their reputations, revenues and even legal standing. is occurring.
Bots Targeting Financial Aid and Relief Funds
In California, more than 65,000 bogus applications for financial aid were submitted to the state’s community college system in 2021. One community college identified and blocked an attempted student aid fraud worth approximately $1.7 million. The San Diego Community College District wasn’t so lucky and fell victim after making over $100,000 in fraudulent claims.
And even as Covid relief funds shrink, financial aid fraud is on the rise. During the 2022 spring semester, Salt Lake Community College received thousands of fraudulent applications. Leaders say they likely tried to steal federal Pell Grant funds.
More sophisticated attackers may impersonate actual students and use stolen information to apply for financial aid on their behalf. This scenario is much harder to defend against as it is unlikely to see legitimate student data.
Form-filling attacks against university email accounts
Financial aid scams like the one outlined above are easier to perpetrate in community colleges than in four-year colleges. This is because community colleges do not have admissions committees to scrutinize applicants. Attacks on fake accounts are not always sophisticated. You don’t have to.
The market for .edu email addresses is booming. This can often be obtained through automated form-filling attacks targeting the student application process. These email addresses may be used to access student discounts. And if it’s collected in large numbers, it can be sold on the dark web for profit or stored for further attacks. These relatively simple attacks (an older version is shown here) are easy to execute, but they are not. Technically It is both illegal and an attractive proposition for becoming a hacker looking for an easy achievement.
Economic impact of bot activity
In universities, the damage caused by these accidental attacks is often overlooked, but can have real economic impact.
The cost of recruiting new students is very high ($2,795 per student for a four-year private college) and the keywords are highly competitive, resulting in huge marketing spend from colleges and universities trying to meet their admissions goals. be connected.
Involvement of bots not only wastes your money, but it also negatively impacts your conversion efforts and marketing intelligence.
Every time a bot or fake user interacts with an ad, website, or form, that interaction becomes a CRM data point. And when that bad data piles up, it can lead to poorly optimized campaigns and the wrong decisions made based on inaccurate data, jeopardizing your marketing department’s lead generation efforts and unsolicited prospects. There can be friction with the registration department that has to deal with customers.
Fake students can also negatively impact retention rates and make incorrect decisions about which courses to offer next semester. Also, recurring bot traffic can drive up your cost per registration as bots can repeat visits via her PPC links or social media ads. Higher education ads have a higher than average CPC, so even a small amount of bot engagement can quickly become costly. And while the built-in bot mitigation capabilities offered by ad platforms can help, it’s important to know that ads aren’t the only source of bots.
How Higher Education Institutions Overcome Threats
Given the potential consequences of bots and fake users, it is important that universities take steps to protect themselves from these automated accounts.
One way to do this is to implement a strict validation process for new registrations. This may include requiring you to provide proof of identity, such as your government-issued girlfriend ID or student ID, in order to create an account. Sometimes it’s as simple as adding reCAPTCHA verification to your form inputs, but sophisticated bots can defeat this defense.
Another important step is to monitor website traffic for signs of bot activity. This may involve looking for patterns of behavior typical of bots, such as spikes in traffic from unusual locations or large numbers of visits from a single IP address. Universities can also use bot mitigation tools designed to detect and block bots.
In addition to these technical measures, colleges and universities should educate faculty about the dangers of bots and fake users, how to identify them, and what to do if bot activity is discovered.
The Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. am i eligible?