> In January 2020, I got an email from an alleged Harvard Human Resources person from what appeared to be an official Harvard email ID,
it would have been interesting if she would have shared exactly what that email address was. Was it hr@harvard.com or maybe hr@harverd.com? I doubt that it was hr@<something>.edu since it is hard to register .edu domains. But if someone did, that would be news to me.
A url containing 'harvard' and redirecting to an actual faculty website is going to convince most people if the communications are plausible. Many large organizations use multiple url forms for emails, especially for quasi-separate divisions like business schools or extension programmes.
A particularly sneaky scammer without access to Harvard mailboxes might register a plausible-sounding domain with an .ac TLD (which resembles the .ac reserved for universities in many national domain systems including the author's, but is actually a freely purchasable domain supposedly associated with Ascension Island)
Yeah. The alumni emails probably follow a pattern. Get a list of alumni and find one who hadn't set up an email forwarding address previously and set up an account.
Maybe something like @harvard-school-of-journalism.com, although that's too wordy. The article mentions "Harvard Extension School", so, it could be some variation of that.
Edit: I tried harvard-extension.school in the browser, it redirected me to http:harvard-education.edu (not https!), which seems to be a clone of extension.harvard.edu . The WHOIS records of harvard-extension.school/.education are pretty new (registered last year), and they're registered on GoDaddy and 1API GmbH respectively. A Germany-based registrar? Would Harvard use them?
it would have been interesting if she would have shared exactly what that email address was. Was it hr@harvard.com or maybe hr@harverd.com? I doubt that it was hr@<something>.edu since it is hard to register .edu domains. But if someone did, that would be news to me.