Cyber security

Safeguarding our data and technology
The University of Sydney takes a rigorous, standards-based approach to managing cyber security risks for our staff, students, alumni, affiliates, partners and vendors, and all other organisations and individuals who support our commitment to excellence.

Cyber security is one of the University's highest priorities, and crucial to our core mission – to excel as a world-renowned research and teaching institution.

We have invested in a significant program of activities and safeguards to ensure your data, our data and our information and communications technology (ICT) are safe and secure – whether you are a member of our community or you work or partner with us.

Our standards-based approach to managing cyber security risks is supported by a policy framework and substantial resources. The University is continually improving our cyber control measures, to enhance our ability to rapidly identify and respond to any cyber threat.

A shared responsibility

Technological control measures are vital, but they are not enough. All members of our community have a shared responsibility to protect ourselves and the University against cyber security threats. For example, the University provides mandatory cyber security training to all staff. We urge you to report any suspicious activity or potential cyber security threats, by contacting us.

Cyber security essentials – a one-stop guide

Fake websites impersonating the University 

A fraudulent website recently impersonated the University of Sydney, hosting a fake offer letter and attempting to mislead individuals. The site, which was registered overseas, was taken down following swift action by the University. 

Scam websites like this are a known risk and continue to target trusted institutions, including universities, particularly around key times such as student application, enrolment and assessment periods.

How fake sites work

Impersonation sites often mimic the University’s name and branding. Links to the sites may appear in phishing emails, social media posts, or misleading ads. They typically target students, staff and prospective applicants with fake offers, login pages or payment requests. 

Similar tactics are also used to create fake online stores or tutoring services. In some cases, these sites may be linked to blackmail attempts or other forms of online fraud such as contract cheating (paying someone to complete your university work) which is a serious breach of academic integrity, and money muling (being recruited to transfer illegally obtained funds through your bank account) which is a criminal offence. 

Look for unusual domain names

Many of these sites use look-alike domains which seem convincing at a glance:

  • sydney-university.org, or 
  • uni-sydney.com

Others use domain extensions from other countries, such as: 

  • .st (São Tomé and Príncipe) 
  • .co (Colombia)
  • .io (British Indian Ocean Territory) 
  • .me (Montenegro) 

These are real country domains but are often used in impersonation scams. If a ‘University of Sydney’ website doesn’t end in ‘.edu.au’, research the site and organisation before deciding to engage with it. 
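A defender-side check for the look-alike domains described above, written as an added example for this page (it is not the University's own tooling). It assumes `sydney.edu.au` as the University's registrable domain, and the brand words and sample URLs are constructed for illustration. The important detail is that a legitimate host must end in `.sydney.edu.au` on a label boundary, so `sydney.edu.au.evil.com` and `notsydney.edu.au` are both rejected even though they contain the real name:

```python
from typing import Optional
from urllib.parse import urlsplit

# Assumption for this example: the University's genuine registrable domain.
LEGITIMATE_DOMAINS = ("sydney.edu.au",)
# Name fragments that look-alike domains tend to reuse (constructed list).
BRAND_WORDS = ("sydney", "usyd")
# Country-code domains the page names as commonly abused in impersonation.
SUSPICIOUS_CCTLDS = {"st", "co", "io", "me"}


def hostname_of(url: str) -> Optional[str]:
    """Return the lower-case hostname of a URL, or None if it cannot be parsed.

    Bare input such as 'sydney-university.org' (no scheme) is accepted so the
    check works on text copied out of an email or a message.
    """
    if "://" not in url:
        url = "https://" + url
    try:
        host = urlsplit(url).hostname
    except ValueError:          # e.g. malformed IPv6 literal
        return None
    return host.lower().rstrip(".") if host else None


def is_legitimate_host(host: str) -> bool:
    """True only if host is a legitimate domain or a subdomain of one.

    Matching on a label boundary ('.' + domain) is what defeats
    'sydney.edu.au.evil.com' (real name used as a subdomain) and
    'notsydney.edu.au' (real name as a suffix of a different label).
    """
    return any(host == d or host.endswith("." + d) for d in LEGITIMATE_DOMAINS)


def classify_url(url: str) -> str:
    """Classify a URL as legitimate, look-alike, unrelated or unparseable."""
    host = hostname_of(url)
    if host is None:
        return "unparseable"
    if is_legitimate_host(host):
        return "legitimate"
    if any(word in host for word in BRAND_WORDS):
        tld = host.rsplit(".", 1)[-1]
        if tld in SUSPICIOUS_CCTLDS:
            return "look-alike (foreign country domain)"
        return "look-alike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample inputs, mixing the page's examples with edge cases.
    for sample in (
        "https://www.sydney.edu.au/study",
        "sydney-university.org",
        "https://uni-sydney.com/offer-letter",
        "https://sydney.edu.au.evil.example/login",
        "https://usyd-admissions.st/apply",
        "https://notsydney.edu.au/",
    ):
        print(f"{sample:45} -> {classify_url(sample)}")
```

The check is deliberately conservative: anything that is not under the real domain but carries the brand name is flagged, which matches the page's advice to research any 'University of Sydney' site that does not end in '.edu.au' before engaging with it.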

Protect yourself from impersonation sites
  • Look closely at the URL - is it really the University? 
  • Be cautious with unexpected messages, offers or ads.  
  • Verify University communications by directly contacting the University. 
  • Report sites impersonating the University to the ICT Helpdesk, so we can investigate and take action. Email: ict.support@sydney.edu.au. Phone: 1800 SYD UNI (1800 793 864).

Cybercriminals rely on people missing the small details, so a few extra seconds to check could make all the difference. 

Learn more about common scams and how to avoid them.  

If you've been targeted by a scam on your personal accounts, report to Scamwatch to prevent further attacks. If your University account has been impacted by a scam, change your UniKey password and immediately contact the ICT Helpdesk on 1800 SYD UNI (1800 793 864). You can also connect with University support if needed. 

Fake verification prompt that initiates malware

Cybercriminals are using fake CAPTCHAs to trick you into executing malicious code on your device. A legitimate CAPTCHA is a security challenge designed to verify you are human and not an automated bot. This may involve:

  • Clicking a checkbox (‘I am not a robot’)
  • Selecting images based on a prompt (‘identify all traffic lights’).

Fake CAPTCHAs appear when you access an infected website, ad or popup. They prompt you to follow additional steps that install and run malware such as the Lumma Stealer and Amadey Trojan on your device. Once executed, the malware can steal passwords, cookies and sensitive data, allowing attackers to access your accounts and bypass security controls.

Threat details

A fake CAPTCHA looks like a standard verification prompt, but clicking the ‘I’m not a robot’ button copies a malicious script to the clipboard and displays the following additional instructions:

  • Press Win + R (this opens the Windows 'Run' dialog box)

  • Press CTRL + V (this pastes the script from the clipboard into the dialog box)

  • Press Enter (this runs the script).

Do not follow these instructions. A legitimate CAPTCHA will never ask you to run commands like this.

How to identify and avoid fake CAPTCHAs

Be cautious of suspicious CAPTCHAs and remember:

  • Legitimate CAPTCHAs are usually found on websites requiring user verification, such as login or account creation pages.

  • Be cautious of CAPTCHA pages that appear unexpectedly on sites that shouldn’t require them.

  • Legitimate CAPTCHAs only ask you to verify you’re not a robot or to click on certain images to confirm this. They will never prompt you to copy or run code.

If you have interacted with a malicious CAPTCHA

These steps only apply if you followed the CAPTCHA instructions. Simply seeing the fake CAPTCHA does not install malware.

  • Disconnect your device from any network/Wi-Fi to prevent further spread.

  • Change any passwords you may have entered after interacting with the fake CAPTCHA, as these may have been stolen. Use a safe, uninfected device to do this, such as your mobile phone.

  • If you use a University-managed device, immediately report it to the Shared Service Centre on +61 2 9351 2000 (follow the prompts for ICT).

  • If you use a personal device, run a full antivirus scan and remove the malware. The Australian Cyber Security Centre has useful instructions on how to report and recover from malware. Consider taking your device to a local IT repair store if you're unsure about malware removal. 

  • If you lost money as a result of this malware, contact your bank, the local police and IDCARE for further support.

Encountering a suspicious CAPTCHA

If you see a CAPTCHA that looks or behaves unusually: 

  • Do not interact with it.

  • Close the webpage. 

We understand the importance of responding quickly to prevent or defuse any cyber threats before they compromise our data security or ICT security.

If you are a member of the University community (staff, students, alumni etc), or work or partner with us in any capacity (industry partners, affiliates, contractors, government, vendors etc), we strongly encourage you to report any cyber security incidents in a timely manner.

Incidents you should report include:

  • suspecting an ICT service, device or account has been compromised
  • evidence of vulnerabilities in University ICT services
  • unauthorised disclosure of sensitive information or discovering a lost University asset
  • observing someone breaching University policy.

Members of the public can contact the Cyber Security Team, and staff and students can email ict.support@sydney.edu.au.

The University follows best-practice cyber security standards and has established a clear policy framework and invested substantial resources in its cyber security program. Read our policies on the University’s Policy Register.

The Cyber Security Policy 2019 (pdf, 216KB) defines the responsibilities and principles required within the University to protect the confidentiality, integrity and availability of ICT resources and digital information.

The Acceptable Use of ICT Resources Policy 2019 (pdf, 240KB) applies to all users of the University's ICT resources, and outlines user rights and responsibilities, the conditions of use of University ICT services, and penalties for misuse.