A Sydney university has apologised to current and former students who received emails claiming their degrees have been “revoked”, saying the messages are “not legitimate”.
A lengthy email sent to Western Sydney University (WSU) students and graduates on Monday evening, purporting to be from the Policy Compliance Board of Trustees, said a “decision has been made to permanently exclude you from any further study at Western Sydney University”.
“As a result, any existing certificates or awards previously issued to you are hereby revoked.”
It said the “decision of the Board of Trustees is final and binding” and urged those who received the messages to seek legal advice.
A second email, claiming to be from “parking compliance, campus safety and security”, said the university had “once again fallen victim to a security breach”.
It said the computer system’s “vulnerabilities are easily exploited with just a few clicks”.
It said WSU failed to act after being made aware of “security weaknesses” in 2017 and in August sensitive data submitted through the university’s eForms system was hacked and stolen.
“Even more alarming is the fact that WSU has not disclosed this breach to students, leaving many unaware that their personal data may have been compromised. This lack of transparency is deeply troubling and further underscores the university’s disregard for student privacy and accountability.”
A lengthy fraudulent email sent to Western Sydney University students and graduates on Monday evening. (ABC News: Abubakr)
NSW Police called in to investigate
In a statement, the university said the two emails are “fraudulent” and apologised to any concerned students who received the emails.
“These emails are not legitimate and were not issued by the university,” WSU said in a statement.
An email from vice-chancellor and president George Williams sent to students on Tuesday morning confirmed the university was aware of the emails and reassured those who received the emails that their enrolments and award were unaffected.
“We are actively investigating this matter and taking steps to contain and address the issue,” Professor Williams said.
“NSW Police are also investigating the matter. In the meantime, we strongly advise you not to respond to these emails or click on any links they may contain.”
The university released a statement in August claiming it had enhanced its “cyber capabilities” after two cyber incidents in October last year and April this year.
These breaches involved important sensitive information, including Australian passport and visa numbers, bank account information and driver’s licence numbers.
‘My livelihood flashed before my eyes’
A former WSU medical student said they felt like “my livelihood flashed before my eyes” after receiving the scam email. (Supplied)
Alice Shen, who graduated with a medical degree from WSU in 2023, received a fraudulent email to her personal account that was “very formal looking” and contained the correct student number, her full name and details.
Ms Shen, who now works as a resident doctor, said the email scared her “for a very brief moment”.
“I felt like my livelihood flashed before my eyes, like, ‘Oh, if I don’t have my medical degree I can’t work as a doctor, if I can’t work as a doctor what am I going to do?’,” she said.Students ‘often’ received scam emails
After expressing initial shock, Ms Shen questioned the motive of the email as there was no phishing link and “no clear reason”.
“It was only when I went online and had a look … there was a Reddit forum and other people had posted about the same thing, I realised that it’s probably a scam,” Ms Shen said.
During her studies at WSU, Ms Shen said she often received fake emails.
“We got scam emails all the time … and it [would] come from an internal email address,” she said.
“The fact that they had my student number and they could reach out to me, just doesn’t sit right.”