Cyber Incident Victim: Newcastle University

In July 2017, Newcastle University identified a fraudulent website impersonating its official domain (ncl.ac.uk) to deceive prospective students. The phishing site, operating under the domain newcastleinternationaluniversity.com, replicated the university’s branding elements—including colors and fonts—while incorporating flashy animations and a more polished layout than the legitimate site. This imitation targeted international applicants, particularly those unfamiliar with the authentic web presence, by presenting itself as a credible platform for course applications and tuition payments. The fraudulent site collected sensitive personal information including credit card details, passport numbers, and dates of birth—data that could enable both immediate financial theft and long-term identity fraud. The university confirmed the site had no affiliation with its operations but noted its sophisticated design increased the risk of victims mistaking it for a legitimate portal.

Newcastle University responded by issuing a public alert via Twitter on July 20, 2017, explicitly disavowing any connection to the fraudulent domain and urging applicants to avoid submitting personal or payment details. The institution directed all users to its official website (ncl.ac.uk) for secure transactions. While the exact number of affected individuals remained unknown, the university emphasized the severity of the threat due to the site’s capability to harvest comprehensive identity data alongside tuition payments. Security firm RSA separately advised general precautions against phishing, such as verifying URLs and avoiding email links, though their involvement in the specific incident was not detailed. The incident highlighted risks to international students and underscored the potential for financial and reputational harm to both victims and the institution.