top of page

Hackers Use Fake Scam "Honor Societies" To Compromise Students And Parents



‘Tis the season for young and promising highschool graduates to enter professional universities, as well as for talented college students to renew money for scholarships. With every summer, it is customary for students to be invited to join honor societies to beef up resumes and to gain opportunities for internships, academic grants, and order nice merchandise to show off their scholar abilities. However, a word of caution to these amazing people and well-meaning parents: Be extremely careful who you give your personal information to! Some of these honor societies that pop up in your inbox are actually social engineering tactics developed by hackers to gain access to your credit cards and personal data.


This type of attack isn’t new at all, but has repeatedly been used since official honor societies asked schools to send information about students who could qualify as members. According to a Goodcall blog post “College Honor Society Scams Prey On Students and Parents” by Terri Williams, usually students with a 3.2 GPA are sent invitations to join legitimate honor societies, but suspicious organizations calling themselves honor societies have been popping up in just about every highschooler’s email.


WHAT IS SOCIAL ENGINEERING?



During the Covid-19 pandemic, where mass amounts of users are spending more time online and in isolation, there is a higher probability for students and parents to fall victim to these attacks. From the Digital Guardian’s blog, social engineering is defined as a

“non-technical strategy cyber attackers use that relies heavily on human interaction and often involves tricking people into breaking standard security practices. ... When successful, many social engineering attacks enable attackers to gain legitimate, authorized access to confidential information”. -DigitalGuardian.com "What is Social Engineering? Defining and Avoiding Common Social Engineering Threats"

HOW HACKERS USE “HONOR SOCIETY SOCIAL ENGINEERING”

For an honor society scam, hackers use social engineering to create a website masked as an official honor society with a form for victims to fill out their personal information. This form will usually ask the victim to provide the following:

  • Name

  • Date of birth

  • Gender

  • Email

  • Phone number

  • Address

  • Credit or Debit card information

  • *Sometimes even an SSN*

The information that fake honor society websites usually ask for is the same or similar to that of legitimate honor society websites. However, hackers use the information provided by a user to create a profile for identity theft or to gain backdoor access to a user’s more personal data. Along with receiving money from a user paying a “membership fee” between $50 to upwards of $100, hackers can do a lot of damage with a user’s credit card information.


Using social media, attackers have many ways of identifying potential victims. On social media outlets popular with younger age groups, attackers will look for celebratory posts on instagram and twitter, or graduation announcements made by parents on Facebook. They can also identify recent highschool and college graduates by their email addresses, if the graduating year (“2020”), school name, or recent birth year (such as 2000-2002) of a user appears in their email address.


The hacker then sends an email masked with an invitation link leading back to the fake honor society website. Attackers use the promises of “$1 million worth of scholarship opportunities”, leadership manuals, materials to get hired or career help, and free scholastic merchandise to lure unsuspecting users back to the fake website, hoping that they will fill out the dangerous form for information.


Due to the unfortunate lack of security awareness, younger users can easily be caught up in these schemes. Gen Z-ers are prone to use technology skillfully, but rather hastily. From clicking out of many pages at a time, they are used to clicking on links without any second thought. Since many of these students are bright and qualify for legitimate societies, they may have no suspicion about being invited to join several honor societies at once, and will click on any one of the false websites. Parents of these children, while well-meaning, may also not give any second-thoughts to their talented child joining honor societies that are actually attempts to steal personal data.


HOW TO DETERMINE LEGITIMACY

As always, we should all be careful who and where we share our personal information with online. Before entering any personal information to an honor society website, we must figure out whether this could be a legitimate organization or a malicious social engineering attack. There are a few ways to do this:


1. Go through your own personal checks.

Be realistic about whether you or your child truly qualifies to be invited to join an honor society. Usually the requirements are for students to have at least a 3.2 GPA, which means that they consistently earn satisfactory to excellent grades throughout the middle to high school levels. If a student does not reach this level, they are usually not sent invitations to join honor societies.


2. Examine the email in your inbox

Look at the name that the organization is claiming themselves to be. Google it before you visit their website! If you see among searches that this honor society is painted as a scam, do not trust it and do not click on their link. If you cannot find reviews for this society on the internet, then it is likely that this organization is not legitimate.


It is also a common social engineering tactic for hackers in an email to give a victim a tight time frame to reply to in order to generate an urgent response. If one of these honor society emails is asking for a user to join in a tight window (for example, input your membership information before the next week), it’s likely that it is a scheme to get your personal information faster. Usually, honor societies invite members to join year round or within a longer time frame of 2-3 months for their joining periods.


3. Examine the website

If you are still unsure and can’t find much information about the “so-called” honor society from the internet, look at the website that the organization has set up. There are many clues to tell if it is sketchy:

  • There are no established chapters

Usually, you should be able to view where in the country the organization has already established chapters for members.

  • There is no CEO or contact information

It is certainly a sign that the organization is a false one if they have no figurehead or if they lack the basic contact information for a user to ask questions of an organization employee.

  • There is no founding date or headquarters, as well as scarce information about the organization itself

If the website page looks a little sparse, it probably means that not a lot of time or care has been put into the organization. This is a sign that whoever created this site only wants it to look professional, but has no qualifications to be legitimate.

  • The principles, credo, or values of the organization are absent or do not make sense

Legitimate honor societies that have been around for long periods of time are based on moral standards or ideals of a mission. They have credos that speak about integrity, virtue, knowledge, or other ethical subjects for members to follow by example. If an organization’s purpose as a society is absent from their “About” page or is rather a flimsy excuse to appear like it knows what it is talking about, it is most likely a fake.


CONCLUSION

There are countless ways to analyze an honor society website to tell if it is a scam, and I suggest visiting the official Honor Society Museum website and Terri William’s Goodcall blog post "College Honor Society Scams Prey On Students And Parents" to find more tips. Both are extremely thoughtful guides that have been used to shape the focus of this blog post, and are helpful in protecting victims from this type of attack.

Below is also a list of legitimate honor societies that have proved the test of time (and well, legitimacy). Overall, we must be careful online with who we trust, but in good graces, congratulations class of 2020!


List of Legitimate Honor Societies:

SOURCES

bottom of page