QAA and Jisc join forces to advise HEIs how to counter cyber security threat

UK universities are being urged to be vigilant against an emerging cyber security threat from essay mills. The warning comes as the sector continues to deal with an unprecedented spike in ransomware attacks.

Essay mills, otherwise known as contract cheating sites, are looking to dupe students and cash in by hacking into university websites and placing content for their own ends that appears to be legitimate and aligns with university services.

Typically, attackers write on student-facing pages, with hyperlinks to their own websites, or hijack links to legitimate services with redirects to contract cheating sites. This type of devious activity has already been picked up at US and Australian universities and similar tactics could well be employed in the UK.

To help universities deal with this emerging threat, QAA and Jisc (the UK’s digital body for tertiary education) have joined forces to raise awareness and issue advice direct to HEIs.

Different from ransomware, which aims for mass disruption as leverage for extortion, essay mill attackers try to remain undetected and operate without the knowledge of the universities concerned, but much of the prevention advice is the same.

QAA’s Head of Policy and Communications, Gareth Crossman, said: 'Essay mills present a threat to the world-class reputation of UK higher education. These companies are unscrupulous and their exploitation of students risks their academic and future careers, while opening them up to blackmail and cyber crime.

'Their only motivation is money, so we need action from governments and online platforms to make operation as difficult as possible. This is why QAA is also campaigning for legislation to criminalise essay mills.

'We urge universities to follow the technical advice available from Jisc and to raise awareness among staff and students of the new tactics employed by essay mills. Users need to know what to look out for and how to report any suspicions.'

Jisc’s Director of Security, Henry Hughes, said: 'Cyber attacks are a growing problem for colleges and universities and, as is probably the case with illegal essay mill activity, is often driven by organised crime.

'There are steps that can be taken to minimise risk, including using cyber security services that can block known malicious content, help mitigate phishing attempts and other forms of attacks against UK education and research.

'Jisc is working with universities, colleges, sector bodies, and regulators to help coordinate a policy-based approach to blocking a wide range of cyber security threats.'