Fake student bot accounts at California colleges tied to suspected COVID-19 relief scam

The California Community Colleges system is investigating potentially widespread fraud involving fake “bot students” enrolled in active courses in what officials suspect is a scam to obtain financial aid or COVID-19 relief grants.

The 116-campus system is beefing up internal reporting and security measures after finding that 20% of recent traffic on its main portal for online applications was “malicious and bot-related,” according to a memo issued Monday by Valerie Lundy-Wagner, interim vice chancellor of digital innovation and infrastructure.

Nearly 15% of that traffic was caught by new software called Imperva Advanced Bot Detection, which was installed last month, and the matter remained of “grave concern,” she said. The memo follows a previous warning that Lundy-Wagner issued in June.

California Community Colleges Chancellor Eloy Ortiz Oakley said at least six campuses have reported an unusual spike in enrollment attempts involving possibly fake students. But officials have not yet been able to identify where the “pings” are coming from or how many colleges are involved.

They declined to comment on whether financial aid has been disbursed to scammers, saying the investigation is ongoing.

The system has reported the concerns to the U.S. Department of Education’s Office of Inspector General, which is also investigating, a campus official said.

“I’m certainly alarmed,” Oakley said in an interview Monday. “There’s lots of unscrupulous players right now trying to access and exploit benefits, not unlike what’s happened with unemployment insurance and any number of other benefits that have been made available recently because of the pandemic.

“But I’m confident that the colleges have been able to identify the activity and are working to mitigate the risk to campuses,” added Oakley, who is on temporary leave to work on higher education issues for the Biden administration.

At San Joaquin Delta College in Stockton, faculty said they started noticing an unusual spike in enrollment for online classes last week, the first week of classes. Upon closer look, the college determined that an unknown number of “pseudo-students” had signed up for courses, according to Alex Breitler, director of marketing, communications and outreach.

“It looks like a person or group of some kind created pseudo-students and enrolled them into classes, presumably with the end goal of securing financial aid. We’re still trying to determine the extent of all this, but it does look like it was a sophisticated endeavor on the part of whoever did it,” Breitler told The Times. “We’re making plans to drop all of these pseudo-students, for lack of a better term, that closely fits the pattern we’re seeing. We’ll drop them from classes, we’ll block them from services and financial aid.”

It’s unclear how many fake accounts were created, but Breitler said he believes it was a significant number.

“Our biggest problem right now is that our legitimate students are being taken care of. That’s why we want to drop these pseudo-students,” Breitler said.

The Los Rios Community College District, which serves the greater Sacramento area, said its four colleges — American River College, Cosumnes River College, Folsom Lake College and Sacramento City College — have been hit with fraudulent registrations.

“We have a robust daily process in place that identifies enrollments that may be fraudulent and, after a verification process, we quickly disenroll them and shut down access to all district and college services,” said Gabe Ross, the district’s associate vice chancellor.

The nine-campus Los Angeles Community College District was not aware of any problems involving applications or financial aid, a spokesman said.

It was not clear what financial aid may be involved in the fraud — state-funded Cal Grants, for instance, or federal COVID-19 emergency relief grants. California community colleges have so far received more than $1.6 billion in emergency COVID-19 relief for low-income students. San Joaquin Delta College led the state’s community colleges in using the greatest share of relief funds for student grants — giving $1,500 checks to about 4,000 of its lowest-income students last spring with plans to double that amount this fall, EdSource reported.

Los Rios allocated $13 million in federal emergency grants in March 2020 and expects to deliver an additional $33 million to students this year to help with food, housing, course materials, technology, healthcare and child care.

Paul Feist, the system’s vice chancellor for communications, said the new security measures were undertaken in response to rising concerns about suspected fraudulent activity not only among colleges but also across industries due to the pandemic-driven shift to greater online operations.

Earlier this year, state officials announced they had confirmed that $11.4 billion in unemployment benefits paid during the COVID-19 pandemic involve fraud — about 10% of benefits paid — and another 17% are under investigation. The amount of aid siphoned off by fraudsters nationally surpassed $40 billion last year.

“Any financial aid fraud is unacceptable and takes away resources for deserving students looking to improve their lives with a college education,” Feist said.

In her memo Monday, Lundy-Wagner announced stricter security measures to minimize the risk of fraud beginning in September. For the first time, all college districts and their campuses will be required to report monthly the number of incidents of suspected and confirmed registration fraud, confirmed number of incidents of financial aid fraud and its dollar value.

Those measures build on enhanced security practices implemented in July, including the bot-detection software and a new policy requiring colleges to confirm if applications deemed as “likely fraud” are from real students or not within two weeks. Unless colleges confirm the applicants are actual students, the application will be automatically deemed as confirmed fraud and eliminated from the system.

“It is clear that nationally, bad actors are attempting to take advantage of any vulnerability across different sectors,” Lundy-Wagner wrote in her memo Monday. “As the Chancellor’s Office continues to take steps that will reduce information and cybersecurity threats during the admission and onboarding process, we are committed to ensuring access.”