Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Students horrified by fraudulent emails that appear to revoke qualifications, as a second student email warns of ongoing cyber security failures.
Western Sydney University (WSU) has referred a scam email campaign targeting its students to NSW Police, after the emails – which appear to come from a legitimate WSU address – told students their qualifications had been revoked.
“Western Sydney University is aware of fraudulent emails sent to students and graduates, with some falsely claiming that they have been excluded from the university or that their qualifications have been revoked,” WSU said in a 7 October advisory.
“Please be assured these emails are not legitimate. The university has not issued any such notices, and your enrolment and/or awards remain unaffected.”
WSU said it is actively investigating the emails and is working to contain the issue.
“We strongly advise that you do not reply to these emails or click on any links they may contain. If you have any concerns, please contact the university through our official channels,” WSU said.
In a separate statement, WSU said the matter has been referred to NSW Police.
“These emails are not legitimate and were not issued by the university. We are reaching out to inform people that the email is fraudulent and have informed NSW Police,” a university spokesperson said.
“As this is part of an ongoing police investigation, we are unable to provide further comment at this time. We sincerely apologise for any concern this may have caused.”
The emails have caused significant alarm among students, with hundreds taking to social media to share their dismay.
“My sister has received a degree revoked email at 0250 AM in the email on a public holiday day. She finished her studies and graduated earlier this year in March,” one Reddit user said on 6 October.
“The email sender is no-email[@]westernsydney.edu.au. The domain is legit but the rest of it is very sketchy. She is super stressed and doesn’t know what to do, other than contacting uni tomorrow.”
The poster said the email did not contain any links or attachments.
At roughly the same time, however, an email from WSU’s Parking Compliance department has also been circulating among students, which alleges that the university’s security has been badly compromised.
“As you may already be aware, WSU has once again fallen victim to a security breach, highlighting their failure to take the necessary steps to protect your personal data and online security,” the email – which appears to be from a third party outside the university – said.
The email goes on to explain how an ex-student – currently charged with several offences regarding a string of security incidents and data breaches targeting WSU – was originally able to abuse a “simple browser tool” to gain a free parking permit.
“This is a glaring indication of the fundamental security weaknesses that still exist within WSU’s systems,” the unidentified third party said.
“What’s more concerning is that these vulnerabilities are easily exploited with just a few clicks, and anyone with a basic understanding of web development can access and manipulate sensitive information.”
According to the sender, WSU was made aware of these issues as far back as 2017, but has declined to take action.
“So the question remains: Has WSU done anything to secure their systems since then?” the sender said.
“Based on the fact that this email was sent using the very same vulnerability in their website, the answer appears to be a resounding no.”
The email makes several other allegations regarding falsifying and modifying student grades and other lapses of security at the university, before suggesting students take action.
“I urge you to take this issue seriously and consider taking the necessary precautions to protect your personal data,” the sender said.
“You should not rely on a university that clearly prioritises financial gain over your security.”
Cyber Daily understands that this second email is also subject to a police investigation.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
