Fraud against the University, faculty, staff, and students can take many forms but it almost always involves money. We all need to be diligent, transparent, and open when or if we suspect fraud of any type. Read this to learn what you can do…
Fraud risks facing universities are increasing in scale and sophistication, driven by advances in AI and technology, and pose significant financial and reputational threats to UVM and to you.
While the University has taken proactive steps to mitigate these risks, including coordinated institutional efforts, timely reporting by faculty, staff, and students remains critical to preventing and responding to fraud. This Compliance Alert provides information on what else you should do if you suspect fraud.
The Threat is Real...And is Growing!
From AI-generated phishing emails nearly indistinguishable from legitimate communications, to automated schemes targeting financial aid, procurement systems, and research data, to chemically washing paper checks to change the “Pay To” or the amount, the volume and complexity of fraud attempts directed at universities is growing. UVM is not exempt from this reality.
The University has taken a number of proactive steps to reduce fraud risk, including the establishment of a “Fraud Task Force” that brings together expertise from across the institution. But institutional safeguards are only part of the equation.
You are one of our most important lines of defense!!
What Fraud Against Research Universities Looks Like
Fraud against universities includes any intentional deception or misrepresentation intended to result in an unauthorized benefit at the institution’s expense. It can take many forms… many of which cross multiple categories (list not all encompassing):
- Financial and accounting fraud – falsifying financial records, misappropriating University funds, embezzling, failing to enter PTO or otherwise falsifying payroll data, manipulating paper checks and other financial transactions, or tricking employees into providing DUO codes so bad actors can change direct deposit information and steal employee paychecks
- Procurement and vendor fraud – creating fictitious vendors, billing for services not rendered, changing legitimate routing and account numbers to accounts owned by the bad actors, posing as vendor or banking employees in order to gain or change critical financial information, or kickback arrangements
- Financial aid and tuition fraud – submitting fraudulent enrollment applications then applying for financial aid after being accepted, using false address information to get in-state tuition, or misrepresenting eligibility for student aid
- Institutional research fraud – submitting false grant applications, misusing sponsored funds, research misconduct, or misrepresenting effort on research projects
- Research participant fraud – setting up “bots” to respond to paid research surveys thus collecting payment for numerous fake responses, providing false information to enroll in research projects for payment or to skew results
- Technology-enabled fraud – phishing schemes, fraudulent digital submissions, or other cyber-facilitated deception targeting University systems or resources
These are not hypothetical risks and UVM is not immune. Research survey fraud, attempts to re-route employee paychecks and vendor payments, phishing schemes, and more have occurred at UVM. Additionally, other institutions of higher education have faced all of these scenarios, some resulting in the loss of millions of dollars.
Fraud can originate internally or externally, involve large or small amounts, can be perpetrated through individual attempts as well as through the use of bots and other technology that blasts out thousands of attempts at one time, and they can carry serious financial, legal, and reputational consequences.
What You Should Do if You Suspect Fraud Against UVM
You do not need to be certain that fraud has occurred. If something doesn't look right, please SPEAK UP and speak up IMMEDIATELY!! The sooner we act, the better chance we have to prevent the fraudster(s) from being successful. Report your concern promptly using the appropriate channel:
Types of Suspected Fraud and Who to Notify
Cyber-enabled fraud
Examples include phishing, hacking, and digital identity theft targeting University of Vermont (UVM) systems.
Who to notify:
Information Security Office
Email: iso@uvm.edu
Non-cyber fraud
Examples include financial, procurement, research, vendor, or aid-related fraud.
Who to notify:
Office of Compliance and Privacy Services
Email: compliance@uvm.edu
Additional reporting option: Use the UVM HELPLine
When you make a report, try to include as much detail as you can. Let us know what you observed, when, who may be involved, and any supporting documentation including emails and attachments. Our team will take it from there.
A Note About Personal Fraud
The University's fraud prevention efforts are focused on fraud directed at UVM… its funds, systems, research, and operations. If you believe you have personally been the victim of fraud or identity theft unrelated to University business, we encourage you to reach out to the Vermont Attorney General's Consumer Assistance Program, the Federal Trade Commission, your financial institution, or to law enforcement for guidance. While these matters fall outside the University's purview, we are always happy to help point you in the right direction.
Where Can I Find More Information?
- Federal Trade Commission (FTC)
- Federal Bureau of Investigation (FBI)
- Department of Education
- UVM has also developed internal guidance regarding research survey fraud (PDF).
We will continue to provide guidance as scams are identified.
Contact the Office of Compliance and Privacy Services at compliance@uvm.edu or 802-656-3086 with questions or if you would like us to come talk about this at one of your staff meetings.