UK universities are being urged to be vigilant against an emerging cyber security threat from essay mills. The warning comes as the sector continues to deal with an unprecedented spike in ransomware attacks in the first six months of year that has already exceeded the total number for 2020.

Essay mills – otherwise known as contract cheating sites – are looking to dupe students and cash in by hacking into university websites and placing content for their own ends that appears to be legitimate and aligns with university services.

Typically, attackers write on student-facing pages, with hyperlinks to their own websites, or hijack links to legitimate services with redirects to contract cheating sites. This type of devious activity has already been picked up at US and Australian universities and similar tactics could well be employed in the UK believes the Quality Assurance Agency for Higher Education (QAA).

To help universities deal with the threat, QAA and Jisc, the UK’s digital body for tertiary education, have partnered to raise awareness and issue advice direct to higher education institutions.

Gareth Crossman, QAA’s head of policy and communications, said: “Essay mills present a threat to the world-class reputation of UK higher education. These companies are unscrupulous and their exploitation of students risks their academic and future careers, while opening them up to blackmail and cybercrime.

“Their only motivation is money, so we need action from governments and online platforms to make operation as difficult as possible. This is why QAA is also campaigning for legislation to criminalise essay mills.

“We urge universities to follow the technical advice available from Jisc and to raise awareness among staff and students of the new tactics employed by essay mills. Users need to know what to look out for and how to report any suspicions.”

Jisc’s director of security, Henry Hughes, added: “Cyber attacks are a growing problem for colleges and universities and, as is probably the case with illegal essay mill activity, is often driven by organised crime. There are steps that can be taken to minimise risk, including using cyber security services that can block known malicious content, help mitigate phishing attempts and other forms of attacks against UK education and research.”

Share Story: