Education Executive's Update

Protect Your Brand

There’s been quite a bit of media coverage on fraudulent applications being submitted to well-ranked universities, particularly coming from overseas students. This entails applicants cheating on various aspects of admission requirements, often using third parties to ghostwrite essays, or by providing false or misleading data. All of this is a well-known phenomenon to which admissions officers need to apply a filter. What’s less well known is a problem universities are subjected to at the hands of third-party agents conducting fake authorizations for prospective overseas students by creating what are called “honeypot” websites.

In brief, how the honeypot scam operates is through a website that attracts hundreds (sometimes thousands) of prospective students into a network of fake agents who hold out the promise of helping them gain admission to prestigious schools, in exchange for a large fee.

These agents, who mostly operate out of Southeast Asia, lure in these students, process their applications and charge them a fee to support the application in terms of academic accountability and data requirements in addition to all the overseas documentation and visas that need to be obtained. So far, so good — there are many legitimate agents out there who do this confounding paperwork for students wishing to study overseas. However, with honeypots there’s a catch. These agents represent themselves online as legitimate representatives of top universities such as Harvard or Stanford, when in fact they create fraudulent and brand-infringing websites that are practically indistinguishable from the real university’s own website. The university’s logos, colors and branding are used to create an aura of legitimacy.

From there the scam can go several ways, all of which are damaging to the university’s brand and reputation. At its worst, once the fee is received, the honeypot network tells the student that they’ve processed his application to, say, Harvard, but that the student “just missed” meeting the requirements for admission. Of course no application was actually sent or processed, though the fee was collected. Then the fake agent secures courses for the students in vocational training centers, English language courses or other programs — that have nothing to with the prospective university to which the students thought they were applying. Often students are sent off to bogus programs… overseas.

These “stepping stone” institutions differ considerably from real universities — in many cases, they are accredited agencies authorized to sort international students, but for much lesser-known universities. So while sorting them into these vocational training programs, English courses and feeder schools, the agency might say that they are representing Harvard University — so please apply through us. A prospective student in a country they’re targeting, say, Malaysia, indicates his wish to go to Harvard University. He goes to speak to the agent, who takes his money and tells him, “You didn’t meet the requirements. Here are the courses you can apply for. You’ve been accepted. Do you want to go?” In a surprising number of cases, the student accepts this offer.

So this is the underpinning of the honeypot scam. Sound complicated? It is. But it’s happening, and it can be a very effective deception. It has been costing many colleges and universities a good sum of money in lost tuition and other revenue, not to mention brand reputation and, potentially, some excellent candidates who could have attend those institutions. In these fake authorizations and honeypot schemes, a number of university brands have been targeted based on solid global reputation and size — and also on the university’s demographic, especially in terms of its international student population.


It’s my belief that every well-ranked university is a potential target of this brand-infringing scam. Before coming to the U.S., I’d worked on this issue with several universities in Australia. There are many people in Southeast Asia making a lot of money through defrauding prospective international students there. But I’m estimating that the problem is some 50 times worse in the U.S., where there are so many more prestigious colleges and universities that have built a high value brand for themselves.

The impact on the students is clearly massive — they are being duped, they are being swindled and they are being sent to faraway lands with no legitimate landing pad. But the impact for universities is huge also. While the students are being lied to, the fraud isn’t just with fake applications and dashing of expectations. It’s in brand infringement. And universities are losing revenue as a result. These fake agents are taking students, attracting them based on the brand prestige a university has built over the years, and sending them to places where the students never intended to go in the first place.


I’d like to outline the approach we had taken to help Australian universities, as I believe the same principles apply across the worldwide web.

Honeypot agencies set up an entire fake website, using a domain name identical or confusingly similar to an authentic university’s. They register what is called a country code top-level domain (ccTLD), which is a localized website suffix. In Malaysia, that would be .my — so online you might see, or (for Hong Kong). Scammers register in countries where the college hasn’t secured that domain name. They reproduce a carbon copy of the university’s website — using HTML structure, they actually pull the code from the real website and replicate it to make it look legitimate.

The infringing website contains a combination of content lifted from the university’s official site and localized, fabricated content used to attract students from the region. The fraudsters use official logos, the university’s own images, and/or images from the country they’re trying to steer the students to. They also optimize the website in local search engines.

To show just how far some of these fake agents will go, one in particular set up an information session in a building that was right next door to the university being infringed upon. On one of the websites, we found an announcement that they were holding an information session on a particular date. We informed the university, which sent representatives to the information session. The fake agents had banners, paperwork… everything ready to go, and they had absolutely no affiliation with the legitimate university or its website. That’s how nervy and brazen these scammers can be.

For this university, we scanned the Internet, looking for all cases of brand infringement — any way that a third party was using the university’s brand or logo, or its domain name — and we compared them against the websites of authorized agents the university knew about. This task gets into the nitty gritty of how the Internet works — checking and comparing different ISPs and working with different organizations around the world that actually get these websites removed.

All said it was a big project, taking about two years to get to a more manageable number of fake agents and websites. In many cases, we were able to get the infringing websites totally banned and completely lifted from the Internet. Our work in Australia encompassed a couple of colleges, but the sheer volume of online cleanup work was enormous. Top U.S. universities, such as Harvard and Stanford, would need to deal with multiples of this volume.


The first step for university admissions and marketing officers is to acknowledge that this online problem exists. Virtually all of the better universities are, correctly and understandably, concerned with upholding and protecting their brand, and virtually all of them are under attack online in multiple ways. The good news is that there are steps that all brand holders, including universities, can take against online fraudsters and brand infringers. This work requires constant vigilance, and involves putting an online brand protection plan in place, the end game being to remove fraudulent content from the online marketplace.

Universities need to take stock of their online brand presence, including all websites, social media and mobile components. They can do this by implementing a basic online brand-monitoring tool that will filter and target the various threats that are out there. Where are there cracks in the armor? An initial audit of fraudulent activity on social media platforms and mobile apps will provide a starting point. The audit should focus on the key issues that are most likely to affect your university’s individual brands and trademarks.

A next step would be to gain an understanding of the most pressing infractions. A balanced scorecard approach enables strategic decisions to be made based on activity relating to the most important brands in real time and will enable universities to focus on the enforcement that makes the most impact.

Then comes the business of taking the scammers down. A university should have an enforcement program — a toolbox of mechanisms to get the infringed content removed. It involves working with social media, the ISPs and web hosts to remove or disrupt infringing material squatting on websites and social media platforms in several ways. These include using the platform’s own reporting mechanism for intellectual property infringements, using search engine mechanisms to remove links and directly asking the infringer to take down the fraudulent content. This combination of actions can be surprisingly effective.

Scammers take advantage of the fact that most colleges and universities don’t monitor their online presence very consistently — they’re generally not as on the watch with their brands as, say, banks are. Every time a bank’s logo gets put up on the Internet, they know about it instantly. We’ve found that some of these honeypot websites have been up for a long time — and all this while, the schools are getting soaked. For a particularly large problem, taking down the fake websites can be like an exercise in whack-a-mole. When one site is taken down, another new one pops up, so it’s necessary to constantly stay after it.

But the truth it that this is a big money scam. International student applications and visa and document processing means revenue — and in these honeypot schemes, that’s lost revenue for bona fide institutes of higher education. Even as they engage in the protection of their student populace, it’s time that they also get protective of their brands.

This article originally appeared in the issue of .