Phishers Target College Candidates in China

After the annual National College Entrance Examination (NCEE), Chinese high school graduates are now busy choosing a college and filling out college applications. Choosing a college is no trivial matter; it determines matriculation.

Phishers also do not want to miss out on this event and the opportunity to profit. If a candidate's personal information is stolen by phishers, the victim and their parents can expect to receive a large number of spam messages or annoying phone calls, including advertising from civil colleges and overseas educational agencies, or even attempts at financial fraud. Phishing websites may even make a candidate mistakenly think they have completed an application to a college when they have not, which directly affects the candidate's future at this important juncture in their life. In addition, the candidate's information will be sold for profit to overseas educational agencies, fake credentials makers, or re-application services.

Phishers may use the following tricks:

Clone an educational website
The fake Web page is almost identical to the real one, except that it includes an embedded malicious script or fake university contact information. The links on this fake page mimic those on the real one. When a candidate searches for a university through a search engine, the link to a fake Web page may appear in the search results. If the candidate clicks any of the links, they may be led to a malicious phishing page.

Figure 1. Phishing site, "Beijing Economic Management Institute"

Figure 2. Legitimate site

Scam "smart" cards
This trick entices candidates to buy a "college entrance application smart card". This fake offer usually claims the smart card is used for completing the college entrance application forms. The smart card is also promoted as providing access to learning skills, such as how to choose a college, or as offering participation in a skills assessment along with helpful practice forms for college applications. However, real college applications can only be completed through the legitimate educational websites of the provinces, not any other way. These so-called "college entrance application smart cards" are just traps to fool people and obtain money from them.

Figure 3. "College entrance application smart card" scam

Fake enrollment guidance service
This kind of phishing website entices candidates to pay for a service. However, when users actually pay, they do not get any guidance at all, just a loss of their money.

Figure 4. Fake enrollment guidance service

Alternative application process
Some websites may claim they can supply a "short cut" to admission for candidates who do not score highly in the college entrance exams. These websites display a notification asking users to submit their personal information for the application. If users fill out the form with their personal information, phishers steal it for profit.

Figure 5. Fake "short cut" application for college admission

Most of the phishing websites use search engines, forums, or education advisory websites to promote these scams. We suggest that candidates and their parents not click any suspicious URLs and be especially cautious when applying to college.