Sydney Uni Students Receive Hoax Emails Saying Their Degrees Were Revoked

This week, Western Sydney University (WSU) students and alumni have received emails which falsely claimed to be WSU and declared degrees had been ‘revoked’.

WSU confirmed to The Guardian that the duplicitous email had been sent, but not by the university, and the police are involved.

“We are reaching out to inform people that the email is fraudulent and have informed NSW police,” a WSU spokesperson said in a statement. “As this is part of an ongoing police investigation, we are unable to provide further comment at this time. We sincerely apologise for any concern this may have caused.”

WSU have not yet confirmed how many emails were sent out, and it is currently unknown if any other universities have been affected.

Students criticise WSU’s cybersecurity

But students who did receive the email in question are speaking out online.

One student posted a screenshot of the email with the caption, “Revoke? Me? I graduated a decade ago. That certificate is was used as firestarter already……. But goodjob #WSU . You guys have always lacked so much security that kids these days can hack your Database by doing SQL injections.”

The email screenshotted in the tweet reads:

“We regret to inform you that, following a thorough review, a decision has been made to permanently exclude you from any further study at Western Sydney University. As a result, any existing certificates or awards previously issued to you are hereby revoked.”

“This action has been taken in accordance with the Western Sydney University Act 1997, the Western Sydney University By-law 2017, and the relevant policies outlined on the Policy DDS platform.”

Revoke? Me? I graduated a decade ago. That certificate is was used as firestarter already……. But goodjob #WSU . You guys have always lacked so much security that kids these days can hack your Database by doing SQL injections. #emailhacking #cybersecurity #whatsecurity pic.twitter.com/i9gV3Hylp0

— Scrubz (@Scrubzoce) October 6, 2025

WSU past cybersecurity flaws

It is not clear whether the emails connect to any other past cybersecurity incidents, as WSU did not respond to City Hub‘s request for comment.

However, a former WSU student was arrested back in June, facing 20 charges for allegedly manipulating university systems to get discounted parking and modify her grades.  

The previous July, WSU issued a public statement, notifying students that unauthorised access to the IT network had been discovered in January and the university was undertaking “forensic investigations” to determine the full nature, scope and scale of the incident. The university notified approximately 7,500 individuals whose personal information was affected in the incident.