Universities warned to be vigilant against cyber-security threats from essay mills

The Quality Assurance Agency for Higher Education (QAA) said essay-writing services could “dupe students” and cash in by hacking into university websites and placing content that appears legitimate.

Essay-mill attackers typically write on student-facing pages with hyperlinks to their own websites or hijack links to legitimate services with redirects to contract cheating sites. US and Australian universities have already picked up on such activity and UK authorities could employ similar tactics, the watchdog warned.

The sector has seen a spike in ransomware attacks. The QAA and education technology not-for-profit organisation Jisc have recently collaborated to raise awareness of the emerging threat and issue advice directly to higher education institutions.

Essay mills, which are illegal in some countries such as Australia and New Zealand, make money by encouraging students to cheat in assessments.

“Essay mills present a threat to the world-class reputation of UK higher education,” said Gareth Crossman, head of policy and communications at QAA. “These companies are unscrupulous and their exploitation of students risks their academic and future careers while opening them up to blackmail and cybercrime.”

He added: “Their only motivation is money, so we need action from governments and online platforms to make operation as difficult as possible. Therefore, QAA is also campaigning for legislation to criminalise essay mills.”

Crossman urges universities to follow the technical advice available from Jisc and to raise awareness among staff and students of the new tactics employed by essay mills. “Users need to know what to look out for and how to report any suspicions,” he added.

Meanwhile, Henry Hughes, director of security at Jisc, said: “Cyber attacks are a growing problem for colleges and universities and, as is probably the case with illegal essay mill activity, is often driven by organised crime.”

Hughes said universities can take certain steps to minimise risk, including using cyber-security services that can block known malicious content, help mitigate phishing attempts and other forms of attacks against UK education and research.

Jisc is working with universities, colleges, sector bodies, and regulators to help coordinate a policy-based approach to blocking a wide range of cyber-security threats, Hughes highlighted.