For the last three years, we have noticed instances of compromised college and university websites that use the
*.edu top level domain that push users toward a particular type of cheating service – “paper mills” – have increased exponentially. In this presentation we will explain both patterns of attacks we have documented along with our tracing methods with the
goal of helping campus communities better prevent similar exploits. We also offer some perspective on preventing similar
attacks from happening as we continue to see more teaching and learning happening in online spaces.