Using Fake Student Accounts to Shill Brands

It turns out that it’s surprisingly easy to create a fake Harvard student and get a harvard.edu email account. Scammers are using that prestigious domain name to shill brands:

Basically, it appears that anyone with $300 to spare can ­– or could, depending on whether Harvard successfully shuts down the practice — advertise nearly anything they wanted on Harvard.edu, in posts that borrow the university’s domain and prestige while making no mention of the fact that it in reality they constitute paid advertising….

A Harvard spokesperson said that the university is working to crack down on the fake students and other scammers that have gained access to its site. They also said that the scammers were creating the fake accounts by signing up for online classes and then using the email address that process provided to infiltrate the university’s various blogging platforms.

Posted on November 3, 2021 at 6:10 AM11 Comments

Comments

Ted November 3, 2021 7:55 AM

@All

First off does anyone here have a class they would take at Harvard? (Free preferably.) I’m particularly looking at you programmers. But maybe interests are more varied. Yarning classes anyone?

https://online-learning.harvard.edu/subject/computer-science

Second, if the education thing didn’t work out is there a product you think would be particularly fun to shill (is this still possible)? It looks like previous product offerings included bouncy castles, roller skates, kitchen sinks, more kitchen sinks, lawn decorations (i might actually look into that) and oh so, so much more.

testbasketcase November 3, 2021 10:47 AM

Something something harvard.edu something…

US Dept. of Commerce just put NSO on the trade blocklist, apparently.

It’s not Friday yet, but I feel like we should be talking about this anyway, since NSO et al. have been such a regular feature of this blog…

echo November 3, 2021 11:43 AM

There’s been more than a few who have used links with prestigious institutions to boost their status. Often politicians visiting to give off some guff in a lecture hall are slowly elevated over time to be “professors”. Real professors are not immune from using their status to peddle agendas. Some universities are fairly quick and catch them during an ethics review. Others are complicit if it fits the personal political views of the management even where those views if acted upon are unlawful. Gaming the system and blagging an email address is an extension of this.

After I left university I kept the same university bank branch for some years afterwards for the simply reason is bank staff were more accomodating. Because of the way it was printed on my cheque book (remember those?) people used to think I was staff which does impress some people. It’s similar when I wear my salmon pink skirt suit to the shops. It’s madam this that and the other with staff tripping over themselves. When I had a contract with the state sector it was the same with staff from other departments if I smartened myselfup. The grovellers would hold doors open so I was faced with a painful 20 foot walk ahead of me. I’m fine with common courtesy but that was over the top.

It’s nice to be treated well but I disagree with the grovelling over status or perceived status. I view it as a form of brainwashing.

I will add that those at the top got away with a lot they shouldn’t have. There was also one notable Whitehall mandarin I tried to have a talk with with after a lunch in a restaurant with regard to my thinking he needed to unwind a bit and let staff relax and communicate instead of putting on an act to keep him happy. Divorced on account of his macho and long hours approach to his career he was some years later reported in the broadsheet newspapers to have committed suicide.

As for the scammers mentioned at the top of the article I wonder what shitty situation their life must be in if they feel they have to do this.

Ted November 3, 2021 4:43 PM

The article mentions a very specific threat narrative, namely that a scammer could short a biotech stock and then write a Harvard-linked blog post attacking the company. Then they could profit off any ensuing losses.

This is such a specific threat scenario, in a list of relatively nuisance scams, that it makes me wonder where it came from. That seems to cross the line into much deeper legal waters than just cbd oil.

I have also have to wonder if Harvard bears any legal responsibility for any loses originating from these posts.

It’s a wonderful feature for legitimate students to have so hopefully the university will be able to implement an evolving content curation platform. No easy task I’m sure. It would be really interesting to see what kind of solution the school comes up with.

MikeA November 4, 2021 10:31 AM

It’s been years since U.C. Berkeley replaced my alum.calberkeley.edu email address with a Berkeley.edu one. The clear hazard of such flummery was one reason I don’t really use it. That and the cancellation of library privileges and the constant spam about how I should pay them for a lifetime alumni membership, despite the fact that I did just that when I graduated (mid 1970s) and don’t recall having died and resurrected since then.

Don’t get me wrong, I learned a lot, much of it from conversations with faculty, staff, and other students, but the “University as a credential mint” gets old.

Anyway, doesn’t have to be an Ivy to pull this stuff.

Sut Vachz November 4, 2021 6:26 PM

But seriously, are we sure this isn’t someone running a variation on Sokal’s postmodernist hoax, to put into relief the corrupting modern trend towards commercialization of university research ?

Ted November 4, 2021 6:44 PM

@Sut Vachz

But seriously, are we sure this isn’t someone running a variation on Sokal’s postmodernist hoax, to put into relief the corrupting modern trend towards commercialization of university research ?

Yes, and they are using it to promote keto snacks and seasonal depression lamps.

Mike-SMO November 6, 2021 6:04 PM

It seems that many administrators don’t care about their institution’s reputation.

Keeping track or monitoring student accounts at a large institution would be a large task, however if such accounts were switched to a separate domain (e.g. “Harvardstudent.edu” for the “Harvard.edu” example) it would be obvious that the contents from such a domain were not “official” pronouncements or opinions by the institution. Someone would still have to watch for “BCC” “Spam Bombs” but that probably could be automated in light of typical spam techniques. If nothing else, students might be issued a “numbered” account that would be easier to track and purge. If accounts are allowed to have user defined “handles” backtracking to a real owner becomes difficult, at best. At a firm where I was employed, the data center found email accounts for people who had left the firm many years earlier as well as some that were untraceable due to the “creative” names selected by the user. After a purge, the few who had “extra” email accounts for communications with family/friends quickly made their presence known.

By and large, administrators have no idea how easy it is to “fake” an “official” message and thus pirate an institution’s reputation.

Many “.edu” institutions host classes, seminars, training, etc and snapping up email accounts is a routine “profession”. Big bursts of spam draw attention so there is a “market” for new launching pads to replace those that are blocked. Nothing special. It is just “piece-work” for some. If you enroll and then cancel at a careless institution, it is almost free money when you provide access to the new email account.

sab November 9, 2021 10:01 PM

yale students:

might lead stupid other to higher worlds.

unlike other harvard expert and presentations at wh.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.