Years since first being targeted Despite attacks from financial aid scammers during the coronavirus era, California community colleges remain unable to completely shake off fraud.
It’s not for lack of effort. Universities have made strides in using machine learning tools to sniff out the many fake students created by scammers through artificial intelligence. Most universities now use AI software to screen applicants.
But the problem is that the most sophisticated fraudsters continue to exploit new loopholes and vulnerabilities to steal financial aid, continuing a seemingly endless cat-and-mouse chase against the state’s community colleges.
Some people pretend to be homeless or underage to avoid verification requirements. Some people steal the identities of former students. And some pretend to be real students for an entire semester, taking and completing courses to appear legitimate, and then stealing aid the next semester.
In the first quarter of this year, 116 university systems distributed about $1.9 million in financial aid to students found to be undocumented, according to data obtained by EdSource through a California Public Records Act request. That includes just under $700,000 lost to fraud in March, the most recent month for which data is available.
These amounts may increase. It can sometimes take months for universities to identify and report scholarship fraud. The data redacts the names of individual universities, so the amount of fraud at universities in each region is unknown.
The system has lost more than $30 million to fraud since 2024, but recent losses have been lower than the highest levels experienced in early 2025. From January to May 2025, a number of fraudsters used AI to flood the system with bot students and steal more than $13 million.
Since last summer, when many universities began using AI to detect fraud, losses have fallen to about $500,000 per month.
“Are there still some degrees of fraud and unauthorized access to financial aid? Yes. Are the problems lessening? Yes,” said Chris Ferguson, the community college system’s executive vice chancellor for finance and strategic initiatives.
Utilization of AI
Because community colleges are open access and typically admit any student who applies, they have always been at risk of cheating. The problem was exacerbated when many classes moved online due to the coronavirus pandemic.
This gives scammers more opportunities to register without having to appear in person. These universities are often targeted by criminals who are part of organized crime syndicates and sometimes operate abroad, including in Russia, Africa, and Asia.
This scam is not limited to California. Community colleges in other states, including Michigan, Oregon and New Jersey, have also suffered losses due to fraud. But California’s vast community college system, the nation’s largest, is the most opportune target.
The proliferation of artificial intelligence has made this problem even worse. At many universities, more than 30% of applications were false last year.
“It’s made it much easier for them to commit fraud on a larger scale,” said Victor DeBoer, dean of student services at the San Diego Community College District.
Community colleges in other states have also lost money to fraud, but California’s vast community college system, the nation’s largest, is the most likely target.
Since then, universities have used their own AI tools to fight back against bot students. Rather than relying solely on human staff to flag suspicious accounts, universities are now using machine learning to identify potential scammers by looking for red flags such as IP addresses from another country or phone numbers that match applicants from another campus.
The majority of universities in this system use an AI platform called Lightleap. Other campuses contract with various vendors. College of the Canyons in Santa Clarita uses Voyatek. The nine-campus Los Angeles area, California’s largest community college district, uses Socure.
Starting this summer, the Chancellor’s Office also plans to add Lightleap software to its system-wide application portal, CCC apply, to screen all applicants when they first apply for admission.
Jolie Hadsell, a senior official in the premier’s office, said: “This will allow us to better detect wrongdoing across agencies.”
One step ahead
AI detection software has helped, but authorities admit it can’t catch the smartest scammers who have learned how to pass themselves off as real students.
One of the ways they accomplish their deception is by stealing the identity of a real person using names, social security numbers, and other stolen personal information.
At College of the Canyons, officials began hearing from several victims who realized their identities had been stolen after being contacted by collection agencies over overdue tuition fees.
“They’re saying, ‘I never went to College of the Canyons. That’s not me,'” said Clinton Slaughter, the university’s interim vice president for student services. “That’s why we now need to go back and investigate each individual case to assess exactly what happened and whether aid was paid.”
In some cases, scammers identify accounts of former students who dropped out or graduated. They then try to access those accounts, sometimes calling the university’s help desk and claiming to be a former student and registering using their credentials.
Some scammers play the long game. When they first enroll, they take one or two classes in their first semester, complete those courses, and look like real students. You can register for a full course next semester and become eligible for more financial aid.
And once the financial aid checks pass, “they disappear,” Ferguson said.
“It’s hard to stop them because those were real people,” he added.
Scammers are always looking for loopholes to exploit.
In some cases, they may pose as students under the age of 18. This allows ID.me, the community college system’s primary identity verification platform, to skip some verification steps because it requires users to be 18 or older to create an account.
At some point last year, the Los Angeles Community College District decided to make its ID checks more lenient for homeless students, allowing them to apply without providing an address since many of them don’t have one.
Nicole Arbo-Lopez, the district’s vice chancellor, said the district suddenly received applications from thousands of students claiming to be homeless.
““So we learned that we can’t leave the back door open. So we learned that we can’t leave the back door open. So we learned that we can’t leave the back door open,” Arbo-Lopez said. They’ll find a way in. ”
If an applicant is flagged as suspicious, the applicant will typically be asked to verify their identity by coming to campus in person or by participating in a Zoom meeting.
Hadsell said some scammers have used deepfake technology, which involves superimposing someone else’s face on a Zoom call, in an attempt to pass authentication checks. Although many of the fraudsters are caught, authorities believe some are more likely to pass authentication checks that way, highlighting the difficulty of catching fraudsters who are constantly evolving and finding new ways to break into university systems.
“We’re always going to strive to get it close to zero, but the problem is that there are sophisticated individuals out there who may be good at stealing identities and making them look authentic,” Ferguson said. “So I think we’re going to continue to see some of that.”
This story originally appeared on EdSource.
