Close this search box.

Smishing Attack on Australian University Impacts 47,000 Students


An attack on Deakin University that compromised nearly 47,000 current and past students was conducted with smishing attempts.

Attack details

On Sunday 10 July, an unauthorised person accessed information held by a third-party provider using a staff member’s username and password.

The Victorian university was using a third party to forward messages prepared by the university to students via SMS. A SMS was sent to 9,997 students using information accessed by the attacker, posing as a message from Deakin.

This smish was a parcel delivery scam containing a link that, when clicked, led users to a website asking for additional information, such as credit card information.

The scam text read: “Your parcel is available. You have to pay customs fees urgently on the link below.” The message was followed by two links, both of which took the student to a form which asked for extra information including credit card details.

The attacker managed to obtain the contact information for 46,980 current and former students at Deakin University. Names, mobile numbers, university emails, and “special comments” such as recent exam results were among the information provided.

“Deakin sincerely apologises to those impacted by this incident and wants to assure the Deakin community that it is conducting a thorough investigation to prevent a similar incident from occurring again,” said the university.

According to the university, the Office of the Victorian Information Commissioner (OVIC) will be consulted regarding the breach. In addition, it will make sure security protocols are enhanced with the third-party provider to prevent any recurrence.

Education’s biggest challenge: the human factor

The reason educational institutions are subject to so many cyberattacks is mainly due to an extensive attack surface, which can lead to numerous vulnerabilities. With the amount of valuable information stored, as well as the rapid digitisation and increased use of BYOD devices, cybercriminals unfortunately find this an attractive target.

Preventing and responding to data breaches in the education sector

  • Cybersecurity training: It’s important to provide relevant cyber awareness training to staff and students, who play an important role in organisational cybersecurity, and are often the ones preventing phishing and ransomware attacks.
  • Update systems regularly: Updates to operating systems, browsers, and applications fix vulnerabilities and protect against new threats. In terms of cyber safety, this is a simple good practice that can make all the difference.
  • Preparation is key: Although raising awareness and instilling good security habits is important, this may not be enough. It’s important to be prepared for the possibility that your school or university could be attacked. If an incident occurs, make sure your team has an incident response plan or ransomware response checklist. An experienced cybersecurity organisation can cut through the chaos and take the right steps before, during or after a crisis hits.
Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →