Colleges have a new concern: “ghost students” – fraud fueled by fraud rings to obtain millions of financial assistance

Synthetic or “ghost” students refer to masses of falsified or stolen identities used by crooks to flood application and registration gates in college with thousands of bids in a few minutes – generally during the holidays, the weekend or other times that the admission staff will be naked bones. If they succeed, the fraud rings will try to record false students for the courses and request financial assistance, often removing real students who cannot obtain seats in the lessons they need. Ghost discomforts even used the submission of homework thanks to the use of AI, everything to try not to drop a class. Sometimes all they are going to get away with is a collegial email address. But even it has value, said security experts, giving the crooks a lock of legitimacy as a student. A simple e-mail address that ends with. EDU allows reductions on laptops, software, music streaming services and, critically, allows crooks to use these student identities to apply fraudulently for jobs in businesses.

The Ministry of Education launched a national program in June to eliminate identity theft in colleges and required new stages of identity verification for the start of the school year in the fall of 2025. The DOE noted that $ 90 million had been disbursed to ineligible students, including $ 30 million who went to stolen identities of deceased.

Kiran Kodithala, founder of the technological company N2N Services and the Lightleap.ai platform which was deployed among the colleges across the country to walk against ghost students, said that the percentage of fraudulent students in the California community college system is around 26% in 75 colleges and 1.2 million applications. Apart from California, the Lightleap system has found approximately one in five applications like a ghost student. This fraud rate applies to 24 non-california colleges with around 340,000 requests processed this summer.

In Rural Oregon, officials of the Lane Community College are preparing in the fall of 2025 for the assault of ghost students, Dawn Whiting, associate dean of registration management, said Fortune. The college was attacked for the first time in the fall of 2022 after launching a new rationalized request process designed to simplify the registration for students. This weekend, Lane saw around 1,000 requests browse her system, which was very unusual for a college with around 5,000 students.

Whiting and his team saw the usual fraud markers – similar zone codes, email addresses and telephone numbers on hundreds of requests. Whiting has disabled every 1,000 students’ email addresses and required additional identity verification measures. But the crooks pivoted. In the summer of 2023, ghosts adopted a new approach to infiltrate the system, filling seats in courses without prerequisites. The college has decided to implement a request for $ 25, even if the decision went against the institutional belief to be a community resource without obstacle.

But fraudsters have again zigzag. In the summer of 2024, around 300 requests sank at the same time, said Whiting, and the school abandoned them all classes. Now Lane assesses the opportunity to call on a third -party AI company to help strengthen her defenses. Its staff are looking for fraud, but it is not made up of cybersecurity experts, noted Whiting. Admissions and teachers mainly focus on the education of students and bring them to the right classes for their career path.

“We are outdoors,” said Colman Joyce, vice-president of student services at Lane. “Having students to follow more steps to register adds more obstacles and we are a community college. A number of our students are not warned in technology when they come here. ”

In California, community colleges are required to accept any eligible student and there is no request for applying. Kodithala said there had been a debate on the question of whether colleges of other states would see the same overvoltages of attack as California, in particular if there were additional obstacles to erase in the application, registration and order to register for courses such as a deposit or request costs. So far, it manages the whole range with or at no cost in place, he said. In schools outside of California, the rate is around 8% to 15% of fraudulent requests, Kodithala said.

Craig Munson, principal Director of Information Security of the Minnesota State which oversees 26 community and technical colleges and seven universities, said that the State uses AI and has teamed up with other Safety Schools and Consortia to discover new tactics that ghost students use to try to infiltrate school systems.

“Just as we take advantage of AI to protect ourselves, the attackers also continue to take advantage of it in a new and interesting way,” said Munson. “It’s a bit like an arms race. Every six months, the attackers tend to stop a way of doing things and going to a different tactic. ”

MUNSON and others in similar roles have refused to comment on the specific fraud markers they see this fall, but the tactics of false students a few years ago – which no longer succeeds – compound names, involved, randomized email addresses that seemed similar, and the same addresses and telephone numbers related to applications. The attackers have since changed speed.

For schools, the problem is formulated with complexity. Community colleges are supposed to be free access educational establishments, affordable for those who seek to obtain a associate diploma, to work for a career change or to pursue a passion. While California clashed with the swarms of ghost students, officials debated the establishment of nominal costs to add friction to the request system.

The Minnesota system includes three universities that charge minimum request costs, four that do not, as well as seven colleges with costs and 19 which are free. However, Kodithala noted that the addition of request costs invites fraud by credit card and gift cards. Menson said he saw the same problem at Minnesota. It also offers a false feeling of security if schools think that fraudster would not pay $ 15 or $ 25 for the chance of thousands of more easily, said Kodithala.

“This allows them to fly more easily because they know that everything they have to make is to make a payment,” said Kodithala.

Travis Blume, vice-president of student affairs and inscriptions in Michigan’s Bay of Noc Community College, said that the school had not seen hordes of ghost students like the other schools in Michigan, but it is prepared if they do. And because the school has only about 2,000 students in its two locations, the staff implemented a process of examining manual applications, he said. Any application that triggers suspicion receives an additional overview and the potential student is invited to confirm their identity by a notary or a person in person.

As a leader in a community education establishment, Blume fights with the same problems to add friction to a system that is as accessible as possible. “The community college is to bring people and educate them,” he said.

However, despite the vulnerability of community institutions against fraud regimes in AI, experts are trying to protect financial aid available to students.

“Higher education fraud is something that should be examined with all the severity and should be part of a global risk calculation,” Munsona of Minnesota said. “It is important to have close ties to local and federal police forces and with information sharing groups so that you can get information about threats and be flexible in your responses. As the attackers change, we have to change with them. ”