Western Sydney University is grappling with a significant cybersecurity breach that took place on Tuesday, involving fraudulent emails sent from accounts posing as university officials. These emails alarmed students by falsely claiming their degrees were revoked. This incident is part of a growing trend of cyberattacks affecting major Australian institutions.
The scam involved two emails sent to students; one falsely stated that students were permanently excluded from the university, causing significant distress. The second email, allegedly from a “Parking Permits” address, detailed how the hacker accessed the university’s systems, suggesting the university had long been aware of security vulnerabilities.
The exact method of the breach is under investigation, but a fraudulent email hinted at a flaw in the university’s parking permit system. It claimed a previous breach involved exploiting this flaw using a browser tool called Inspect Element, which allows users to view and edit website code. While these changes are local to a user’s computer, cybersecurity experts warn that skilled hackers can use such tools to identify system vulnerabilities.
Experts also caution that AI could be exploited by attackers to analyze patterns and debug scripts, potentially aiding unauthorized access. Human error, such as forgetting to update security patches, also contributes to vulnerabilities.
This is not the first cyberattack on Western Sydney University; in 2024, personal data of 7,500 students was accessed without permission, and earlier this year, data of 10,000 students appeared on the dark web.
To protect personal data, experts advise vigilance with email links and attachments and recommend verifying sources through alternate channels. While total protection is elusive, maintaining updated security patches and using two-factor authentication can enhance security.
