What is bot-driven fraud and how are these attacks impacting the higher education industry?
The COVID-19 pandemic brought about many changes for higher education institutions, most notably the necessary shift from in-person to online and hybrid learning environments.
This seismic shift forced these institutions to lay the groundwork for enhanced online educational tools to remain competitive and increase enrollment numbers.
Not only does this benefit students by allowing them to access institutions that may not have been available in prior years due to time or location constraints, but it’s also opened the door for bots and fraudsters to take advantage of these establishments.
In conjunction with an increase in online enrollment and a reduction in the requirements for physical interaction, bots can now disguise themselves as real students to defraud universities and harm their reputations.
Two of the most prevalent types of bot-driven fraud schemes focus on financial aid and university email theft.
Bot-driven Financial Aid Fraud
Although COVID-relief funds are winding down, financial aid fraud is still rising. In the state of California, there were over 65,000 fake applications for financial aid submitted in its community college system in 2021. One of those community colleges identified and declined around $1.7 million in attempted student aid fraud. And in 2022, a single community college in Utah received thousands of fraudulent applications.
There is also the risk of more sophisticated attackers impersonating real students and applying for financial aid on their behalf with stolen information. In this instance, it is much more difficult to detect fraudulent activity, especially for smaller colleges that do not have admissions committees to vet applicants.
Bot-driven University Email Theft
There is a large market for @edu email addresses. These are usually obtained through automated form-fill attacks that target student application processes. These email addresses can be used to access student discounts, sold for profit on the dark web or used to inform future attacks.
Financial Impact on Higher Education
To make matters worse, bot-driven attacks can not only steal hundreds of thousands in financial aid funds but can cause administrative and business costs that are ultimately passed down to students through increased tuition prices and fees.
And with a recent report verifying the acquisition cost for new students is nearly $2,795 per student for a four-year private college, the last thing universities need are bots convoluting their recruitment marketing.
Marketing keywords are competitive and can lead to massive marketing spending from colleges and universities attempting to hit higher enrollment targets. Bot engagement would waste this spend and effectively hurt conversion efforts and marketing intelligence.
Some ads for higher education are on a cost-per-click basis. Even a small number of bots can become costly for a university or college. Although most advertising platforms have a built-in bot-mitigation capability, it is important to remember that ads are not the only targets for bots.
Every time a bot or fake user interacts with a marketing campaign, it becomes a data point within a CRM and effectively leads to poor and inaccurate data. These inaccurate data points can lead to poor decision-making, creating tension among leadership and negatively impacting future budgets and strategy.
How Can Higher Education Protect Against Bot-Driven Fraud?
There are several ways the higher education industry can fight back against bot-driven fraud and fake users, one of which is to implement harsher verification processes for new enrollments, such as:
Require proof of identity, such as a government-issued ID, to create an account.
Monitor website traffic for signs of bot activity, such as unusual locations, spikes in traffic or single IP address visits.
Add reCAPTCHA verification to form fills (although more sophisticated bots can bypass this).
Educate, educate, educate… help faculty and staff know the warning signs of bots and what to do if they discover fraudulent activity.
If you have any questions about bot-driven fraud or any other higher education concerns, please contact the Schneider Downs Higher Education Industry Group at [email protected].
About Schneider Downs Higher Education Services
The Schneider Downs Higher Education industry group is a dedicated team of experienced professionals specializing in serving institutions from high schools to universities. Our experience in audit and assurance, tax advisory, technology and data and more allow our professionals to stay ahead of the latest trends, developments and challenges within the education sector and provide timely and practical solutions to our clients.
You’ve heard our thoughts… We’d like to hear yours
The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].
Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.