Nidhi Razdan was all set to travel to Harvard University to start a new job, and a new life, when she received a stunning email.
A news anchor at the apex of her career, Razdan believed she would soon start teaching at Harvard.
She had told the world that she was leaving the news business and she had freely shared her most important personal information with her new employer — passport details, medical records, bank account numbers, everything.
But when she swiped open her phone in the middle of a January night, she read the following message from an associate dean at Harvard: “There is no record of, nor any knowledge of, your name or your appointment.”
The email closed: “I wish you the best for your future.”
Razdan felt dizzy and nauseated. “I just couldn’t believe it,” she said.
Razdan was one of several prominent female journalists and media personalities in India who were targeted, even after one of the women alerted Harvard and the public.
The incidents raised questions about why Harvard — despite its reputation for fiercely protecting its brand — did not act to stop the scam, even after being explicitly warned about it. They also revealed how easy it is for wrongdoers to hide their identities on the Internet.
The people — or person — behind the hoax were relentless. They created a constellation of interlocking personas across Twitter, Facebook, Gmail and WhatsApp to pursue the women for months at a time. Unlike typical online fraudsters, they did not appear to use the personal information they extracted to steal money or to extort the women, leaving their goal a mystery.
Nearly a year later, it is still uncertain why the women were targeted. Although the scammers expressed support online for the Hindu nationalist movement in India, they shed little light on their decision to trick reporters.
The New York Times reviewed private messages, emails and metadata the scammers sent to the women as well as archives of the scammers’ tweets and photos that the scammers claimed were of themselves. The Times also relied on analysis from researchers at Stanford University and the University of Toronto who study online abuse, and from a cyber security expert who examined Razdan’s computer.
The identities of the scammers remain a secret.
“It’s not like anything I’ve ever seen,” said Bill Marczak, a senior research fellow at Citizen Lab, an institute at the University of Toronto that investigates cyber attacks on journalists. “It’s a huge amount of effort and no payoff that we’ve identified.”
One at a time, the scammers selected their prey.
The first known target: Rohini Singh, an outspoken journalist who had delivered a blockbuster article in 2017 about the business fortunes of the son of Union home minister Amit Shah. She is a freelance contributor to the online publication The Wire.
In mid-August 2019, Singh received a Twitter message from someone calling himself Tauseef Ahmad, who said he was a master’s student at the Harvard Kennedy School and from Singh’s hometown, Lucknow. They chitchatted about Lucknow and he invited her to participate in a high-powered media conference. Harvard would pick up all expenses.
She was intrigued. But she grew suspicious after Tauseef connected her to a colleague, introduced as Alex Hirschman, who wrote to her on August 19 from a Gmail account rather than an official Harvard.edu email address. On top of that, both Tauseef and Alex had telephone numbers not based in the US.
Alex and Tauseef then asked her for passport details and some photos, to be used for promotional purposes.
A few days later, convinced their entreaty was a scam, Singh ceased communication.
The next target was another journalist, Zainab Sikander. An up-and-coming political commentator, Sikander campaigns against discrimination towards Muslims. She has also written and posted many critical observations of the Modi government.
On August 22, 2019, Sikander, too, received a Twitter message from Tauseef Ahmad, inviting her to participate in a high-powered media conference at Harvard.
Flattered and curious, Sikander began chatting with Tauseef on WhatsApp. She wasn’t thrown off by the fact that his phone number started with the country code of the United Arab Emirates, although he claimed to be in the Boston area. Maybe he was a foreign student with Dubai connections, she thought.
Just as in Singh’s case, Tauseef connected her to Alex Hirschman. What she didn’t know was that Alex and Tauseef were likely fake personas — a search of Harvard’s student directory showed no students by either name.
Still, something told her to beware. When she asked for a formal invite from a dean, it never came. Sikander then broke off contact as well.
The next target was another journalist working at a prominent Indian publication, who spoke with The Times on the condition that she was not identified. Suspicious about the scammer’s UAE phone number, she quickly broke off contact too. But the scammers didn’t give up.
By the time they communicated in November 2019 with Nighat Abbass, a BJP spokesperson, they had copied email signatures from real Harvard employees and swiped official letterhead from the university’s website.
It was only after the scammers pushed for passport details and other personal information that Abbass decided she should check directly with one of the Harvard administrators included on the emails.
That administrator, Bailey Payne, a programme coordinator in the office of Harvard’s vice-provost for international affairs, responded, saying the invitation that appeared to have been sent from her Harvard.edu email address was fake. When Payne asked Abbass if she would like to share more information, Abbass eagerly cooperated. She sent in a trove — the phone number from the UAE, the emails, screenshots of the fake Harvard documents.
But it’s not clear what action, if any, Harvard took. Payne did not respond to requests for comment. Jason Newton, a spokesman, declined to comment.
By the time the hacker or hackers reached out to Razdan that same month, they were well practised.
That same month, Abbass tweeted a passionate video warning others to watch out for Tauseef and the scam.
“It was a mad year,” Razdan said, citing the string of huge stories that broke, from a conflict between India and Pakistan and national elections to the profound reorganisation of Kashmir. “I was mentally and physically exhausted.”
She said to herself: “If I don’t try something new now, I never will.” It was as if the scammers read her mind.
The first email arrived on November 14, 2019, from an earnest sounding student — Melissa Reeve — inviting her to a Harvard media seminar. She was then introduced, by email, to another student, Tauseef Ahmad. When he said there might be a journalism job available at Harvard, Razdan let her hopes soar.
The scammers were taking bolder steps to impersonate Harvard. They bought a website from GoDaddy, HarvardCareer.com, in January 2020 and set up a Microsoft email server that would soon allow them to send messages stamped with Harvard’s name.
She was then asked for references. Each of the people Razdan enlisted received an email from HarvardCareer.com with a link to upload a recommendation.
Harvard says it fiercely protects its trademark, employing software to detect new websites that infringe on its brand, but Newton, the university spokesman, declined to say if it had detected HarvardCareer.com.
The scammers continued to use it to send emails, capitalising on Harvard’s reputation.
In February 2020, Razdan was told the job was hers. It paid $151,000 (Rs 1.1 crore) a year. She received a lengthy contract. In June 2020, she tweeted: “Later this year, I start as an Associate Professor teaching journalism as part of Harvard University’s Faculty of Arts and Sciences.”
The scammers played off Razdan’s eagerness to connect with faculty members. Several times they invited her to do a video call with Emma Densch, a real dean at Harvard.
But the calls kept getting cancelled at the last minute. By December, Razdan began to get annoyed. She reached out to officials in Harvard’s human resources department. They didn’t write back. She then emailed Densch’s office directly, asking about the cancelled video calls.
That’s when she received the shocking email in the middle of the night.
New York Times News Service