Harvard Business School's SharePoint site should be a straightforward place for students and faculty to collaborate. But when you look at harvardbusiness.sharepoint.com, the picture gets fuzzy. The domain immediately redirects to a Microsoft login page β which is normal for SharePoint Online β but the ownership is completely hidden in WHOIS records, and there are zero snapshots of this site in the Wayback Machine. That combination is odd for an established institution like Harvard Business School. A legitimate SharePoint tenant tied to Harvard should have clear domain registration history and some archival record. The lack of both doesn't mean it's definitely a scam, but it does mean you cannot verify whether this is the real Harvard SharePoint or someone else's tenant that happens to use a similar name. If you were sent a link to this site, contact your IT department through a known phone number or email β not through anything on this page β before logging in.
No β harvardbusiness.sharepoint.com doesn't look safe
In plain English
This site raises enough flags that I would not enter any credentials here without verifying who owns it through a separate channel. The domain ownership is hidden, it has no web history, and it immediately dumps you into a Microsoft login prompt. Those three things together make it hard to tell if this is a real Harvard Business SharePoint or a well-built impersonation.
What you should do now
Don't panic. These steps limit the damage, and the sooner you take them the better.
Don't enter any details
No passwords, card numbers or personal information β even if the site looks professional.
Close the tab
Especially if you got here from an email, text message or social media ad.
Already paid? Call your bank
Contact your bank or card provider right away. They can often stop or reverse a recent payment.
Warn others
Report the site and share this check with anyone who sent you the link.
Where the score comes from
Strong security setup: valid TLS certificate, modern encryption, and clickjacking protection are all in place. Google Web Risk reports no threats, which is what you want for any site handling logins.
The WHOIS record shows no match for this domain, meaning ownership is entirely hidden. For a site that sits behind a Microsoft corporate login page, opaque ownership is a serious concern β legitimate SharePoint tenants are typically tied to known organizations.
The domain has no web archive history and no Tranco ranking, which is unusual for a site associated with Harvard Business. The absence of any past snapshots makes it impossible to know how long this specific subdomain has been active.
No brand identity, no favicon, and no contact information are visible. The site immediately redirects to a Microsoft login page, which doesn't clarify who runs this SharePoint instance or why it exists.
The homepage redirects to a login prompt without showing any privacy policy, terms of service, or cookie notice. For a site that requests credentials, this is a meaningful compliance gap β you don't know how your data will be handled.
DNS resolution works, the site is not blacklisted, and Microsoft hosts it on reliable infrastructure. But DNSSEC is missing, and the sitemap is misconfigured. More importantly, the redirect to a Microsoft login tenant suggests this could be a legitimate SharePoint site β or a convincing phish.
What we checked
Think this verdict is wrong?
Site owners can request a fresh scan. Scores update automatically as signals change.