“I am Nidhi Razdan, not a Harvard professor.” These words from a blog, written on Jan. 16, by the Indian television journalist went somewhat viral on Indian Twitter over the weekend.
Razdan, a prominent anchor who worked with New Delhi-based English language TV news channel NDTV 24X7, announced over the weekend that she was a victim of a “serious phishing attack”. She said she was led to believe that she was offered an associate professor role at Harvard University. The job never existed.
What followed is a story that journalists, cybersecurity experts and even conspiracy theorists online are still trying to decode.
On Jan. 15 and 16, Razdan published two sets of statements to “set the record straight” about what she went through. In June 2020, Razdan had publicly announced that she was leaving her NDTV job, which she had held for 21 years, for a “terrific opportunity” as an associate professor at Harvard. Her announcement made it to national news.
Several digital media outlets published Nidhi Razdan's announcement to leave her network and join Harvard as an associate professor.
In one of the statements released on Jan. 16, Razdan said she was contacted by someone who claimed to be from Harvard. According to Razdan, an online search made her believe that it was a journalism faculty position at the University’s Extension School which has hired working journalists in the past. She submitted her resume and gave a 90-minute online interview. “I believed I fit this profile,” she recounted in one of the statements, adding that the offer letter, the letterhead and the university insignia looked genuine.
Her former colleagues at NDTV sent recommendation letters too. Sonia Singh, an editorial director at NDTV, tweeted that she was one of those people. “I gave Nidhi a recommendation as well and received an extremely genuine seeming university link to upload this,” she said in the tweet.
Over the next few months, Razdan claimed that while she figured out her work visa, she quit her job and was told the classes were delayed until Jan. 2021 because of COVID-19. Furthermore, she didn’t receive her promised salary. Finally, early in January, she wrote to the office of the Dean of the Graduate School of Arts and Sciences, only to be informed that there was no record of her appointment.
Since then, she has written to Harvard to take cognisance of this phishing scam, along with filing a police complaint. “My lawyer read all the emails and realised that this was a massive phishing exercise, in all likelihood aimed at stealing my money and taking my personal data to misuse it,” she wrote.
Deputy Commissioner of Police Eish Singhal, the Public Relations Officer of Delhi Police, in the Indian capital—where Razdan is based—told VICE World News that they’ve been inundated with queries from the media to confirm the police complaint. “There is no complaint in local police stations. We’re also looking for it, but we’ve been told it might have been a cybercrime complaint,” said Singhal.
When VICE World News reached out to the Deputy Commissioner of Police (Cybercrime) Anyesh Roy, he said no police complaint has been filed.
In the meantime, the incident sent those on social media in a tizzy. Many questioned Razdan’s credibility as well as her naivety as a journalist.
Some noted how easy it is to fall for job scams in India, which is a “booming industry” in the country.
News reports routinely document stories from across the country of young people being promised fake jobs, a problem which exacerbated during the pandemic. “India’s job-fraud industry is neither new nor small, but its prospects have never looked brighter,” wrote journalist Snigdha Poonam in The Atlantic.
In 2017, Poonam compiled reported scams entrapping 30,000 Indians in a single year. “Over the past couple of years, job fraud has become a phenomenon I no longer find just in the news,” she wrote in The Atlantic. “Victims range from my own colleagues to complete strangers I meet on reporting trips.”
Suman Kar, CEO of cybersecurity platform Banbreach, said that there are cyber-attacks comes in two flavours: targeted and un-targeted. Most, he said, are un-targeted, which are simpler to execute. The targeted ones, in fact, are rare and are aimed at VVIPS or high-value organisations. “Ms Razdan fits the profile of individuals who may be targeted. However, the moment you talk about targeted attacks, you bring in the question of motive,” Kar told VICE World News.
Reports of phishing job scams from India mostly centred around vulnerable youths or individuals, who were defrauded for money.
A targeted attack, on the other hand, can be exemplified through the case from 2018, in which Amazon billionaire Jeff Bezos’s personal data was breached via a WhatsApp message. According to news reports, Bezos was WhatsApp chatting with someone he believed to be Mohammed bin Salman, the crown prince of Saudi Arabia, which led to an infected video file being sent and data being infiltrated within hours.
In Razdan’s case, there is no proof of a data breach. In her statement, Razdan had also clarified that nobody asked her for any money. “[In Nidhi’s case,] it’s difficult to reason why someone would execute such a complicated attack considering she has apparently neither lost her data, her identity or even money,” said Kar. “It takes time to execute such an attack. Attackers are not going to put in an effort without any reason.”
In 2019, several Indian rights activists and journalists were targets of a cybersecurity attack, which was done via an Israeli spyware Pegasus. They were a part of 1,400 WhatsApp accounts breached worldwide.
In the meantime, Harvard University has not issued any statement on the same. Many have noted that Razdan used the official Harvard Twitter handle on her bio alongside her fake designation for several months, and even appeared on news reports as “Associate Professor, Harvard”. VICE World News reached out to Harvard University for a response but did not get one at the time of publishing this story.
Kar added that there’s “too little” information in Razdan’s public statements for cybersecurity experts to look into it independently. “There’s too little here to even say that this was a genuine attack,” he said. “At the same time, is it realistic for someone like her to get attacked? The answer is yes.”
On Jan. 16, another media professional called Zainab Sikander Siddiqui claimed that she had a similar experience from people claiming to be from the Harvard Kennedy School. She said she refused the offer. “I was adamant that I be informed who all had confirmed the seminar as well as an official letter of invitation from the Dean himself,” she wrote on Twitter.
In India, cybersecurity literacy is quite low, even for journalists who often deal with sensitive information. In fact, cybersecurity attacks are quite common too. Recent data shows that India sees 375 cases of cyberattacks every day. In fact, cybersecurity attacks and breaches jumped by as much as 500 percent last year during the COVID-19 lockdown.
Kar said that journalists need to “step up their cybersecurity game”. Last year, the police in the southern Indian state of Kerala investigated a cyberattack against journalists who questioned the state’s chief minister. “There’s a history of journalists getting attacked online,” he said. “It’s not really the journalist’s fault; it’s an organisational oversight. Cybersecurity training should be a part of their jobs.”
Follow Pallavi Pundir on Twitter.