Malicious Actor is Impersonating Government Organizations to Deliver Malware
Last updated September 25, 2021
A recent discovery on the prestigious UK Harvard University "Harvard.edu" domain found actors using false student identities to promote scams. Hiding behind elaborately crafted student profiles, actors would try to scam people by promoting almost anything, from cannabis to hair loss solutions and car insurance. These posts borrow the university’s domain and prestige but never mention they are paid promotions.
Upon questioning Harvard.edu website admins, the researchers found that anyone with $300 could buy advertising via the university domain. Some were as lazy as using the name “Harvard2” and made glaring racist and sexist generalizations when promoting a site selling “mail order brides.” The stars of the show mainly sounded or looked like unknown, random brands. Further, Google’s indexing metrics indicate that some parts of Harvard’s site had become almost entirely taken over by low-quality spam before the university started removing the posts in response to outside inquiries.
One such example is Mikao John, a fake student persona made up by a scammer to sell bogus cannabis endorsements. This user even had the credentials to find their way into Harvard’s web system. They primarily used this for selling SEO-friendly backlinks for pitching to marketing firms. This particular account was posting things like “KeefX.co: The Cannabis Fintech Company that Provides $1M in Funding a Month” and “Idahome Solar Makes Switching to Solar Power in Idaho a No-Brainer.”
One of the companies featured by the perpetrator above said they collaborate with a marketing firm called T1 Advertising, which sometimes pays “media consultants” to plant blog posts on Harvard’s site. “As to the name of the author, the part of the site it’s on, the access they have to Harvard, etc, that’s all completely out of our control (as T1 has no access directly to Harvard),” the founder of the marketing company said.
Researchers found over two dozen similar accounts pitching very legit-looking but ultimately fake info off the Harvard.edu domain. The issue here is that big online domains like Forbes and Entrepreneur have opened up “contributor networks” that are easily exploited for questionable advertising.
This is obviously a treasure trove for scammers, and many people would easily get swept along in the hubbub surrounding top names like Harvard. According to a Harvard spokesperson, the issue of fake advertising on the domain is being analyzed, and the university is looking to crack down on false and misleading student adverts.