Want to pretend you went to the Ivy League? If you have some money and know how to log onto China’s version of eBay, Taobao, it’s not so hard. It is, however, illegal.
Researchers from Palo Alto Networks discovered stolen and fake .edu email addresses for sale on China’s largest online marketplace. Some of the sellers were upfront about stealing the addresses from current students, even providing tips to avoid getting caught by the legitimate college kid.
Harvard emails fetched $US390, but you can buy others for as little as $US0.16. The complete list of bootleg email addresses includes Stanford, Yale, Princeton, Columbia, University of Toronto, Imperial College London, University of Chicago, Duke, and a variety of Chinese schools, as well as some more obscure community colleges.
While Taobao removed some of the most blatant email offerings after the researchers contacted them about the problem on August 27, plenty of others remain. Most allow you to make up your own custom .edu address, or won’t specify the names of the universities until you ask the seller.
Why would anyone want a school’s email address, other than to brag about a fake scholastic background? For starters, there’s a wide variety of discounts available only to students, including a cheaper version of Amazon Prime, and deals from Apple and Dell. As the researchers pointed out, the most popular reason people buy these fake addresses is to unlock Microsoft’s Windows 7 and 8 developer accounts as a student, since that means you don’t need to pay.
For email addresses stolen from big institutions, you could also use them to gain access to their considerable online resources — like academic databases — though it looks like most of those sellers have already been shut down.
Then there’s the opportunity for phishing. Palo Alto Networks noted that many universities require two-step verification in part to avoid phishing scams from people who gain access to a student account, but with so many fake and stolen student accounts available, it’s still bad news for school security. And it’s even worse for Harvard students who want to wave their .edu’s around in pride. [Palo Alto Networks via Quartz]
Picture: via Flickr