2025 Newsletters

Fraudulent Applications & Sensitive Information

February 5, 2025

Fraudulent Applications

A perfect storm of circumstances has led to a significant increase in fraudulent applications in higher education from so-called “ghost students” or “Pell runners”. Community colleges have been particularly vulnerable: scammers apply for federal and state financial aid, pocket the funds and vanish without ever attending classes.

With the pandemic of 2020, institutions saw online scams become prevalent. There was a shift from in-person to online and hybrid learning, as well as the rise of AI (artificial intelligence) technology. This shift also made it difficult for professors to confirm the actual attendance rates of their students.

How it Works

Ghost students are not real students. They are created by scammers often using stolen identities, social security numbers (SSN) and fabricated academic records to generate fictitious student profiles and apply for enrollment. Scammers employ bots or automated systems to submit multiple applications quickly, often targeting community colleges and online programs where admissions barriers are lower.

Upon acceptance, “students” apply for aid through FAFSA (Free Application for Federal Student Aid) and stay in class until the census date, doing the bare minimum to remain registered and avoid being dropped from a class for non-participation, even using AI to generate essays. Once the financial aid is disbursed, the “student” withdraws the funds and vanishes. Pell Grants, which do not require repayment, are a common target because they are ideal for immediate financial gain.

With acceptance, they also gain access to other institution-provided resources, such as cloud storage or VPN, and student (.edu) email addresses, which help them carry out other potential scams.

Operational Impact

According to Cybersecurity Ventures, global cybercrime costs are projected to skyrocket from $9.5 trillion USD in 2024 to $10.5 trillion by 2025. In 2024, several high-profile data breaches (e.g. AT&T, U.S. government agencies and universities and Bank of America) compromised organizations across various sectors. These breaches contributed to billions of people’s data being published on the dark web for ghost students to use.

Since 2010, community colleges and higher education institutions have flagged an estimated 20% to 36% of their student populations as potentially fraudulent. This practice has cost educational institutions millions and has prevented legitimate students from accessing online courses. In California, the problem has become so prevalent that the U.S. Department of Education has been looking into the matter, with 48 investigations currently in progress.

Key Indicators of Fraudulent Financial Aid Applications:

The ongoing fight against fraud requires continuous modernization and vigilance, ensuring opportunities meant to help students are not exploited by bad actors. The complexities of shifting between in-person, virtual and hybrid learning have been met with an increasingly complicated and evolving cyber threat landscape where colleges have become primary targets of cyber threat actors.

Combating fraud is best accomplished through meaningful cybersecurity investment. The stakes are too high to ignore, and the tools to address these challenges are readily available. By prioritizing software such as multi-factor authentication (MFA), biometrics and other types of identity security tools, institutions can ensure they remain a place of integrity and excellence in education.

Reminder: Emailing Sensitive Information & Documents

We have noticed an increase in emails, with attachments requesting sensitive information, being blocked in Barracuda, McLennan Community College’s (MCC) SPAM filter.

Barracuda is set up to filter incoming/outgoing emails to help protect MCC from potentially harmful content, files, and data leakage. Sensitive information such as social security numbers (SSN), W-2s, dates of birth (DOB), credit card numbers, bank account information, etc. will trigger a block if detected.

Introductions & Identity Management

April 2, 2025

TLDR (Too Long; Didn't Read)

TLDR END

Our cybersecurity team is conducting introductory meetings with department leaders/teams across campus. Cybersecurity is not only the responsibility of Information Systems & Services (ISS) but everyone’s responsibility. Collaborating with you helps us to understand your day-to-day operations and individual needs.

We want you to know who we are, what we are up to, and our vision moving forward. These meetings are an opportunity for you to voice concerns, make suggestions and ask questions. Ultimately, the goal is to promote a culture of security awareness and strengthen McLennan Community College’s (MCC’s) overall security posture. Thank you in advance for your participation.

Colleague External Email Requirement

MCC plans to implement Identity Management (IDM). This is a process to ensure individuals have the right technology access at the right time based on individual roles and responsibilities.

Getting ready for IDM will require prep work along the way. One such item is to require an external email in Colleague for every student, faculty and staff member. Without an external email, you are unable to reset your MCC password.

This is not a new requirement, but we will begin to enforce it. For newer employees, external emails are usually listed. For many previous employees, it is missing.

Process

Currently, there are between 150 – 200 employees without an external email address in Colleague. If you are missing an external email address, you will receive an email notification directing you to log in to MyMCC and add an external email address.

You will continue to receive the email notifications until you add the external email address in MyMCC.

We will also begin sending automated emails to inform you of any changes made to your Active Directory (AD) account/email.

This includes updates to:

Emails

Be aware: these emails are not SPAM and are legit. Example emails can be viewed in the IT Hub (log in to access).

More information will be coming from ISS over the next month or so. Keep an eye on communications for the exact date this process will begin.

SPAM & Maintenance Plan (TLDR)

March 6, 2025

TLDR (Too Long; Didn't Read)

The newsletters will now include a new section: TLDR (Too Long; Didn’t Read). This will be a short summary of the newsletter, providing key points in a brief format for readers who may not have time to read the full article.

Key points:

TLDR END

SPAM

We receive SPAM (unwanted email) daily. McLennan Community College (MCC) utilizes Barracuda to filter and block SPAM (or phishing) emails. Sometimes, SPAM still gets through. Did you know you are able to block SPAM on your own? For details on how to block, see: IT Hub: Block SPAM article.

Quarantined Phishing Emails

Reporting phishing emails is important to help protect the MCC community from potentially harmful content, files, and data leakage. Barracuda is set up to filter incoming/outgoing emails and block suspicious content.

Recently, a phishing email circulated appearing to be from the Chief of Human Resources (HR), Missy Kittner. Some individuals received the email in their inbox and reported the email as phishing to the Help Desk (thank you). Once the email was flagged as phishing, Barracuda began to block the additional emails as ‘Quarantined’.

If a phishing email is quarantined in Barracuda, you DO NOT need to deliver the email to your inbox to report it as phishing to the Help Desk. In this case, Barracuda did its job. The Help Desk will work with the ISS team to purge the phishing email from the inbox of everyone who received it.

Maintenance Plan

MCC will soon implement a regular maintenance schedule for specific applications/systems used at the college. The schedule will be published on the MCC website: Information Systems and Services (ISS) under Maintenance. Why are updates important? As mentioned in a 2023 Cybersecurity Awareness Month Newsletter, software updates are one of the easiest ways to boost cybersecurity.

Developers are constantly looking for clues that cybercriminals are trying to break into their systems. To fix these issues and improve security, software companies release routine updates. These are important to protect against potential vulnerabilities and threats, ensure compliance and reduce legal risks, optimize performance, add new features and enhancements, address any bugs or errors, and prevent costly repairs by addressing issues before they escalate.

Welcome Back

January 8, 2025

Returning to campus after a long break can be difficult. We want to make sure you have what you need to hit the ground running!

Request volume will be heightened with everyone slowly returning to campus. Our priority will be student-facing and classroom preparation requests. All other faculty/staff requests will be handled in the order they are received.

Need Technical Assistance? 

Account Reminders
Brightspace Reminders
MyMCC Reminders
Classroom Technology Tips

Security Awareness

As an institution of higher education, we (students, faculty, and staff) are a top target for potential cybersecurity attacks. Data breaches can be costly and are often caused by human error.

Online safety is not only the responsibility of IT (ISS). Our goal is to empower you with safe computing practices and guides to help protect you, our data, and our community.

We created a suite of security awareness information on our website to provide you with the information you need. Various topics are listed under Security Awareness. Check it out!

We look forward to the new year and a successful 2025!