AI Bots Stole $264K in Financial Aid via Fake Student Accounts

AI-powered fraud exploits community college systems

Baltimore City Community College lost more than $264,000 in taxpayer-funded financial aid to an automated fraud scheme that used artificial intelligence to create 145 fake student accounts, according to a new state audit first reported by WBAL-TV 11 News Investigates.

The scheme combined stolen personal identities with AI automation to submit mass applications to online courses, then generated bogus assignments to maintain the appearance of active enrollment long enough to trigger financial aid disbursements. State auditors faulted BCCC for failing to properly verify student documentation before releasing funds.

How the attack works

Bryan Deehring, a cyber defense professor at Anne Arundel Community College, described the tactic as "surprisingly simple, incredibly effective." Fraudsters use AI bots to automate what would otherwise be labor-intensive identity fraud at scale.

"Scammers steal real people's identities — which is not a new threat — and they create synthetic ones and use them to apply online to primarily online community college classes, the kind with no in-person requirements," Deehring told WBAL-TV.

The AI automation requires no advanced programming skills. A simple prompt can instruct the system to identify schools with online courses, apply using databases of stolen identities, and continue the process until successful. The bots then submit assignments to maintain enrollment status through the financial aid disbursement period.

Red flags ignored

In May 2024, BCCC identified potentially fictitious students who had registered for identical courses multiple times or showed no prior academic testing history. The institution flagged these accounts for additional verification but continued to award federal and state aid while confirmation was pending — a decision that enabled the fraud to succeed.

Why it matters

This case demonstrates how AI tools are lowering the technical barriers to financial fraud at educational institutions. Community colleges with predominantly online programs face particular vulnerability because they lack in-person verification touchpoints. The attack method is easily replicable across institutions that haven't implemented robust identity verification and enrollment monitoring systems. BCCC may be required to reimburse the federal government for the fraudulently disbursed aid, creating additional financial pressure on the institution.

Institutional response

BCCC President Debra McCurdy told auditors the college is implementing a centralized tracking process for potentially fraudulent accounts, requiring documentation of review actions and resolution outcomes. The institution is also establishing formal procedures to evaluate suspected fraud cases for referral to the U.S. Department of Education Office of Inspector General.

BCCC expects to have protective measures in place by October 31. The college did not respond to requests for additional comment from WBAL-TV.

Experts indicate the school may face financial liability to repay the federal aid that was fraudulently obtained.

This report was first published by WBAL-TV 11 News Investigates.