Fraudulent Activity by Persons Impersonating Harvard Affiliates

Please be aware of fraudulent Harvard purchase orders or requests that have been sent to external vendors, often with forged attachments. The purchase orders or requests fraudulently represent that they are coming from “Harvard Procurement” staff and often are inquiring about the purchase of branded marketing items (backpacks, water bottles, etc.) or asking vendors for sensitive tax information. While vendors have been reaching out to Harvard contacts to verify the legitimacy of orders, some vendors have experienced losses because of the scheme. Particularly with the onset of Artificial Intelligence, the risk of fraud by persons impersonating Harvard affiliates continues to rise. This can take on several forms:

  • Fraudulent Harvard purchase orders or requests
  • Fraudulent requests to change remittance or direct deposit instructions
  • Fraudulent requests to change transfer of funds requests
  • Compromised account of a user@harvard.edu
  • Deep-fake voice message or even video message
  • Sophisticated spear-phishing message
  • Additional types of Business Email compromise/Email Account (BEC/EAC schemes)

Examples 

Fraudulent requests/emails could come from domains similar but not limited to @harvard-edu.net, @harvard-educ.com, @harvardd-edu.com, @harvardcollege-edu.com, harvard-edu @financier.com, or harvard_eduinfo@aol.com.

Valid Harvard email addresses always end in ‘harvard.edu’ or ‘hbs.edu’. (e.g. john_harvard @harvard.edu or jharvard @fas.harvard.edu) 

Whether you are a vendor or a member of the Harvard community, you must exercise extreme vigilance to protect yourself, the University, and others from falling prey to these schemes, sometimes with very large financial consequences. 

If you suspect that a request is fraudulent or need help in validating the legitimacy of a request, please contact RMAS-FraudAlert@harvard.edu.

Tips for Fraud Prevention

For Vendors:

  • Always ensure that a purchase request has come from a legitimate Harvard staff member who is authorized to make such a purchase or request.
  • If the request is unexpected, confirm the legitimacy by calling the school, department, lab, or center’s administration using a published contact number.
  • If you have been the victim of fraudulent activity, contact your local law enforcement authority.

For members of the Harvard community: 

  • If you are asked to confirm an unfamiliar or unexpected Harvard purchase request, ensure that the request is legitimate by contacting the originating department and verifying the purchase details.
  • If you are asked to change (urgently or otherwise) the remit-to or banking details of any transaction via any communication medium (voice call or message, video call or message, email, instant message, etc.), do not do so until you can confirm beyond a reasonable doubt that the request is legitimate.
  • Never divulge personally identifiable information or credentials (e.g., social security, driver’s license or passport number, passwords or PINs, bank account or credit card numbers) in response to a request from an incoming message or call, or a call to an unfamiliar number or entity.
  • Never transmit personally identifiable information or credentials in an unencrypted email or a fax.

Additional Resources

Use these resources to help protect you and the University from fraudulent activity: