Educause Security Discussion mailing list archives
Re: [EXTERNAL] Re: [SECURITY] Fake Student Applications/Registrations
From: James Valente <jvalente () SALEMSTATE EDU>
Date: Tue, 28 Jul 2020 14:57:16 +0000
We ran into this late last year up until a few months ago. The “fix” itself was simple but the business decision around getting that in place was a nightmare. Someone had decided that anyone wishing to take a non-credit course should be able to just register immediately without any input from our side. This, per policy, also gave them a university email address (because they didn’t want non-campus addresses used for billing). As a result we had someone scripting thousands of accounts for creation. They were all used for either the free AWS and/or free Azure credits that are given with an .edu email address.

Ultimately we turned off the form since the vast majority of account creations were not legitimate and our initial solution was flagging anything suspicious and having the registrar manually approve, which they quickly found overwhelming.

James Valente
Associate Director of Information Security
978.542.2739 // GPG Key ID: 0xBF201E0A813AEDD1
SALEM STATE UNIVERSITY
352 Lafayette Street
Salem, MA 01970
salemstate.edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Tomassetti, Tina
Sent: Monday, July 27, 2020 13:06
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [EXTERNAL] Re: [SECURITY] Fake Student Applications/Registrations

I remembered this happening here too so I got some info from our Asst. Dir of Administrative Information Systems:

Yes. We shut down all of the instant admission channels such as Banner Self Service Non Matriculated applications and those now are done via Wufoo. We also added a Re-Captcha to the Wufoo form, and advised the Registrar's Office on what to watch for on those forms that would indicate an invalid application.
If they recognize those patterns they follow through asking more information from the 'applicant' with a time limit for response. This has weeded them out over time. We also inactivated all of the invalid ones in Banner/Gmail, etc. that came in before we caught it.

Scot Beekman
Assistant Director of Administrative Information Systems
Information Technology Services
Phone: +1 (607) 778-5255
Email: beekmansa () sunybroome edu

Tina M. Tomassetti
Assistant Director of Networking and Telecommunications
Information Technology Services
SUNY Broome Community College
PO Box 1017 MS# 63
Binghamton, NY 13902
PH: 607-778-5011
FX: 607-778-5119
tomassettitm () sunybroome edu

On Fri, Jul 24, 2020 at 4:19 PM Wesolowski, Nathan R. <Nathan.Wesolowski () nwtc edu> wrote:

Hello everyone, this is my first time posting here.

Since last weekend we have observed an unusually high number of new student applications/registrations containing fake information. After investigating, I discovered that our College was recently featured on a Chinese blog. The blog’s “educational welfare” category lists dozens of other colleges and universities, along with step-by-step details for obtaining free accounts/email addresses - hxxps://404edublog.cf/.

It is obvious that these scammers are after a .EDU email address. With the ongoing COVID situation, we have waived or postponed certain fees in an attempt to reduce any registration barriers. I believe that this is contributing to our problem.
While we have tools in place to help us identify and remove fake identities, I am curious to know what others have done about this problem.

Thanks,
Nate

Nate Wesolowski
Information Security Analyst
Northeast Wisconsin Technical College
2740 W. Mason Street
Green Bay, WI 54307
O 920.498.6943 | T 800-422-NWTC
nate.wesolowski () nwtc edu | nwtc.edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Re: Fake Student Applications/Registrations Wesolowski, Nathan R. (Jul 24)
- Re: Fake Student Applications/Registrations Von Welch (Work) (Jul 24)
- Re: Fake Student Applications/Registrations Tomassetti, Tina (Jul 27)
- Re: [EXTERNAL] Re: [SECURITY] Fake Student Applications/Registrations James Valente (Jul 28)