Famous quotes

"Happiness can be defined, in part at least, as the fruit of the desire and ability to sacrifice what we want now for what we want eventually" - Stephen Covey

Sunday, January 17, 2021

How I fell for a Phising attack : My Story by Nidhi Razdan

Back in June 2020, I had announced on Twitter that I was moving on from NDTV after nearly 21 years to join Harvard University as an Associate Professor to teach journalism. I truly believed it was a terrific opportunity. But here I am, almost eight months later, devastated by the realisation that this entire process to "hire" me; my "appointment" to Harvard was all part of an elaborate and sophisticated phishing attack to access my bank account, personal data, my emails, my medical records, passport and my devices like my computer and phone. I wanted to write this piece to explain what happened to me and hope that it serves as a lesson to everyone else.

So how did this happen? In November of 2019, I was invited to speak at an event organised by the Harvard Kennedy School in early 2020. One of the apparent organisers of this event contacted me separately to say there was a vacancy for a teaching position and would I be interested. I submitted my CV, thinking I had nothing to lose by trying. I never really expected anything to come of it. A few weeks later I was "interviewed" online for 90 minutes. It all seemed legitimate, the questions were thorough and professional. I did a basic google search and found a journalism degree programme being offered by the Harvard Extension School. Contrary to what many are tweeting, Harvard has a school called the Extension School offering a Journalism Degree Programme. The actual programme is called the Master of Liberal Arts, Journalism degree. The Extension School lists 500 faculty of whom 17 are categorised as journalism faculty. A number of these people are working journalists. I believed I fit this profile.

In January 2020, I got an email from an alleged Harvard Human Resources person from what appeared to be an official Harvard email ID, with an offer letter and agreement. The offer letter and the agreement appeared to be on a genuine letterhead with the University insignia, and contained the "signatures" of all senior Harvard University officials who actually do hold those positions even today. The emails from this individual were all marked to what appeared to be an official group university ID. They also separately emailed my former employers at NDTV and others for recommendation letters and official-looking acknowledgments were sent back to them. They too did not think anything was amiss.

Over the next few months, many emails were exchanged between me and these alleged Harvard email IDs where they sought my personal information for a "work visa". I was also sent an "official" invitation to attend a faculty orientation in March 2020 but that was called off due to the pandemic. I honestly didn't think anything of it since COVID had suddenly started disrupting all our lives and lockdowns were being announced the world over.

In June 2020, I quit NDTV and announced my decision to move to Harvard. Based on all the communication thus far, I had no doubts about the genuineness of the exercise. I was sent class schedules; details of the subjects I would be teaching; a detailed break up of my class. The classes were supposed to start online in September 2020 but were put off first till October and then January "due to COVID". Again, I didn't think anything was amiss. I had been told a work visa had been issued in the US for me which would be sent to me only when travel was required. I would have also needed a visa from Delhi but it never reached that stage since no travel was on the cards immediately.

However, I had started to get frustrated with the administrative processes and expressed the same repeatedly on email. I was also told my salary would be paid irrespective from September 2020 but no money ever came. It was all blamed on chaos due to COVID or IT failures. At one point they even sent me a bank transfer slip even though no money ever came.

By now I realised something wasn't right. I still didn't imagine this was a massive fraud but thought it was lack of coordination between university departments.

In December, I wrote to the head of HR at Harvard but didn't hear back. Then in January I wrote to the office of the Dean of the Graduate School of Arts and Sciences. It was only earlier this week that I heard back from them telling me there was no record of my appointment and that the people claiming to be their HR staff do not exist! I wrote back to Harvard expressing shock at this and urged them to take this matter seriously since there are people impersonating their senior staff and even forging their signatures on fake letterheads, including the Vice President of HR and their Chief Financial Officer.

I also immediately wrote to those entities or organisations with whom I was associated and told them what had happened. My lawyer read all the emails and realised that this was a massive phishing exercise, in all likelihood aimed at stealing my money and taking my personal data to misuse it.

I have filed a police complaint and handed over all the documents and communication. This was a gross criminal act. I am very shaken by this and keep kicking myself for being such an idiot. With the benefit of hindsight, could I have done more due diligence? Absolutely, yes. But these scams succeed because they look so real. What these scamsters put together was good enough for me to throw away a 21-year career in TV.

In hindsight, I guess I never saw any cause for alarm because of the pandemic and the chaos and disruption it had caused the world over. Also, because no one ever asked me for money, this was a very sophisticated attack. And that there is a lesson for me and for us all - never trust anything online. I am angry, disappointed and upset but also relieved that I found out what was going on and alerted authorities including Harvard before any serious damage was done. If after all this the only thing I can be accused of is being stupid, then I'll take it on the chin, learn from it and move on.

No comments: