In recent years, online learning and educational technologies have gotten evermore advanced, from virtual Zoom classrooms, meetings, collaborative file sharing and a host of other platforms. With these changes have come the headache of cybersecurity breaches for thousands of students.
Indeed, this prompted the University to send a mass email to all international students in late September, cautioning them to take care of their social media accounts and be vigilant of cyber fraud attempting to extract money from unsuspecting students.
The issue hits close to home for Celine Zhao, a third-year Media and Communications major and international student from China, whose friend was scammed on Weibo — one of China’s most popular social media platforms — following a case of impersonation back in 2021.
“He made an account with very little differences in terms of the name and he has the same profile picture as I do and exactly the same [social media] content that I do,” Zhao told Honi. “He basically pretended that he was me.”
“He told her that ‘I’m going back to China from Sydney and I had some issues when [I was] going over to the airport and needed money for an emergency’.”
Zhao said that initially, her friend raised suspicions. However, the scammer soon alleged internet and technical issues due to China’s version of Weibo: The social media platform is well-known for having two versions of their app, an international and domestic version reserved for Chinese residents.
“He made the excuse that because of the domestic version of Weibo he can’t use WeChat because of internet issues. He said that I can only chat with you [Zhao’s friend] and had issues with the airport,” said Zhao.
In the end, the scammer successfully scammed $2000 out of Zhao’s friend, mistaking them for Zhao until it was too late. For Zhao, the scammer was “really smart” in circumventing others’ suspicions and managing to avoid her friend’s instincts, relying on a variety of distraction tactics and obfuscation to lure victims into believing that they were genuine.
Similarly, Arian Valaei, a postgraduate in cyber security at the University of Technology (UTS), told us of his frustration surrounding the sheer volume of scam calls to his mobile phone.
He received frequent periodic calls from fraudulent call centres with random numbers. The turning point came one day when he decided to challenge an anonymous caller, calling out his bluff.
Retaliating against Valaei‘s challenge, the caller threatened to distribute Valaei‘s phone number to his global network. A few days later, he realised that this was the case, receiving fraudulent calls on an almost daily basis.
“I told him that this was fraud and he said that I offended him, he got angry and showed my phone number to his fellow frauds. And so, for the next couple of weeks, every day I had calls from all over the world, like several calls in a single day,“ Valaei said.
Following his experience, Valaei warns that students should attempt to, whenever possible, avoid answering fraudulent phone calls, with many cold calls designed to spread one’s mobile phone number across fraudulent networks even if the caller does not respond.
“Once they receive a call, they know that it belongs to somebody, so someone is using this phone number and can use this phone number for fraud and they update their database.”
In response to these incidents and the risk of cyber security breaches, the University asks students to “report any incidents as quickly as possible, so our cyber security team can provide appropriate support and advice”.
“We’re keenly aware of the risks our students can face with regard to their cyber security and keeping their information safe. We take our own cybersecurity responsibilities seriously and continually review and improve our systems to manage and protect the University against such threats.”
USyd outlines a number of common incidents that should be reported:
- Where a student suspects that their computer or account has been compromised.
- Having evidence on how a technology may be vulnerable.
Students can report cybersecurity incidents to the ICT Service Desk at 1800 793 864 (1800 SYD UNI) or dial +61 2 8627 1444 (select option 3 for ICT) or email: firstname.lastname@example.org.