TOTALLY GEEKED!

Response from an I.T. expert (DS):

------------------------------------------------------------------------------------------------------

Assuming the person already tried changing their password (normally the first response to a breach), and have confirmed that none of the people they sent those e-mails to is the one doing this (normally the first response to a prank; most pranksters who think they're harmless will want to either gloat or get their target to laugh along), they need to report this to both I.T. and H.R.

Generally speaking, most mail servers don't give one user direct access to another's mailbox; they need to actually log in as that other user, meaning they need that user's password.  If the person has already changed their password and this hasn't stopped, then whoever's doing this to them has access to their new password.  Most servers also don't store passwords in a way that even an admin can learn them; if someone forgets their password, it doesn't get retrieved, it gets changed.  I.T. needs to check various machines for things like key-loggers and other spyware, starting with his workstation (and home computer if he accesses his e-mail from there), and then running through the servers and any other systems he accesses with the same credentials.  If he uses the same password for anything else, he needs to start mixing things up, use different passwords for different purposes before whoever this uses it for more than just a prank.

The reason to get H.R. involved is that this is clearly harassment, and someone who'll pull this kind of prank is likely to escalate, or may be doing other things to other co-workers.

Keeping in mind also, that if the newest e-mail involved is over a year old, that could mean that if there are any newer ones, whoever's doing this doesn't have access to them.  They may have already "harvested" everything they're going to get, and just keep re-using what they've got.  In which case, H.R. and I.T. can work together (with Security, if their company has a Security department) to use cameras to catch this person.

There's a photo set that makes the rounds from time to time, of a series of notes attached to a refrigerator door.  It starts with one person telling whoever keeps stealing his lunch to stop.  The thief responds with a note taunting the victim... demanding ransoms, with photographs of a partially-eaten sandwich, etc.  This goes back and forth a few times, and escalates over the course of about ten or twelve notes... ending with one from H.R. calling out the thief by name and telling him he's both busted (they caught him on the securities camera posting his last note) and fired.

-DS

 

Hi Sons,

 

What do you think of this situation?

 

Love,

 

Dad

Q. Dumb Emails, Back to Haunt Me:  Someone in my office can apparently go through my email and has on occasion found dumb ones I’ve sent. This person prints them out anonymously and leaves them in my mailbox. The most recent one was from a year ago! I know I shouldn’t send dumb emails, and nothing I’ve written is THAT bad. But this feels very creepy, and I’m not sure what to do—I don’t exactly want to talk to my boss about these emails (if she’s not the one printing them out).

A: This is a living modern nightmare, and probably also an episode of Black Mirror. I don’t know exactly what you mean by “dumb,” but it doesn’t sound like you’ve said anything heinous or offensive or that could get you fired. But still! How unsettling and awful. There are a few obvious things you can do to protect yourself—change your email password immediately if you haven’t already, and set up two-step verification so it’s harder for someone else to log in to your account. My apologies if this is something you already do, but make sure you’re completely logged out whenever you leave your computer or go home for the day. If it’s someone who has external access to your inbox—say a higher-up or a member of your IT department—that’s something else entirely.

I understand not wanting to talk to your boss about this, but I don’t think you have much of a choice. Keep the conversation short, explain that someone is printing out your old emails and leaving them for you to find. I would assume your company has a policy against this! Whoever is doing this clearly delights in messing with you and making you feel threatened, and will probably not just quit doing it if you ignore him and hope he goes away. If nothing else, he’s misusing company time. (Also, if you really think your boss is the kind of person who would go into your inbox, print out old emails, and leave them anonymously in your physical mailbox, I hope that you are able to find a new job as soon as possible.)

Q. Re: Dumb Emails: Yikes! This is definitely a security issue. No one except IT should be able to just sneak into your account—what if they were to find out sensitive client information? Work with your IT folks to get your machine and your account secure, immediately!

A: Yes! If this person is willing to print out someone else’s old, embarrassing emails, it’s not much of a stretch to assume that they might be willing to play fast and loose with sensitive company information. They might also have more than one victim. Definitely worth involving your boss, IT, and HR, if your company has an HR department.

Q. Re: Dumb Emails: It sounds more likely that this person may be printing out allegedly dumb emails sent to a group of people of which he or she was a direct recipient (or got a forwarded copy). The person then printed out a copy of the message (without any identifying recipient’s name). Still inappropriate, but not necessarily an invasion of privacy or IT security.

A: That’s possible, although it’s not clear from the original letter whether he or she thinks that’s the case. What’s oddest about the situation to me is that the emails in question are from more than a year ago. If nothing else, it’s a very odd way to try to alert someone that he or she is forwarding emails too casually and thoughtlessly.