Hi seniors,
In one reputed MNC, one employee's credentials were misused to send a prank email from the ex-employer's employee's email ID to higher authorities.
The higher authority of the ex-employer directly falsely accused the employee whose credentials were misused by forming a story of revenge taken by that employee with the ex-employer and convinced the current employer to terminate that employee.
They did not conduct any inquiry, police investigation, or file a legal case under the cybercrime act; they simply believed the story told by the employee whose email ID was used to send the prank email.
They do not want to understand the simple fact that credentials can be misused because when the crime was committed, that person was not using his/her computer.
But due to the lack of CCTV camera installation, the absence or presence of that person cannot be proved.
1. Is it legal to take law and order into one's own control and directly accuse an employee of being a criminal based on indirect evidence?
2. Is it humane not to let a person even justify his/her side?
The ex-employers mentioned that when a background check is done next time, they simply harass him/her by elaborating on this incident to prevent him/her from being hired by any employer.
Is it legal to mentally torture an ex-employee by isolating them from employment?
From India, New Delhi
Acknowledge(0)
Amend(0)
2In one reputed MNC, one employee's credentials were misused to send a prank email from the ex-employer's employee's email ID to higher authorities.
The higher authority of the ex-employer directly falsely accused the employee whose credentials were misused by forming a story of revenge taken by that employee with the ex-employer and convinced the current employer to terminate that employee.
They did not conduct any inquiry, police investigation, or file a legal case under the cybercrime act; they simply believed the story told by the employee whose email ID was used to send the prank email.
They do not want to understand the simple fact that credentials can be misused because when the crime was committed, that person was not using his/her computer.
But due to the lack of CCTV camera installation, the absence or presence of that person cannot be proved.
1. Is it legal to take law and order into one's own control and directly accuse an employee of being a criminal based on indirect evidence?
2. Is it humane not to let a person even justify his/her side?
The ex-employers mentioned that when a background check is done next time, they simply harass him/her by elaborating on this incident to prevent him/her from being hired by any employer.
Is it legal to mentally torture an ex-employee by isolating them from employment?
From India, New Delhi
Acknowledge(0)Amend(0)
Hello,
Your posting is both disturbing and confusing—disturbing since you mention it's a MNC and confusing since it's within their purview and capability to verify the veracity of the complaint/claim of identity misuse.
In such cases, CCTVs are not what need to be checked. The System Admin guy comes into the picture to check out the usage of the ID including the location, time-tagging, and other such details of the mails in question. Every email has a long tracking mechanism, which is not visible to us users, from where the Sys Admin guy or the Cyber Crime cops figure out the details.
Coming to 'what next,' suggest informing the current employer to check with the System Admin guy. If they aren't keen to do so, suggest filing a Police Complaint [in Cyber Crimes Cell] with all the facts of the case. They will do the necessary checks of where the mail(s) came from, etc.
All the Best.
Rgds,
TS
From India, Hyderabad
Acknowledge(0)Amend(0)
Your posting is both disturbing and confusing—disturbing since you mention it's a MNC and confusing since it's within their purview and capability to verify the veracity of the complaint/claim of identity misuse.
In such cases, CCTVs are not what need to be checked. The System Admin guy comes into the picture to check out the usage of the ID including the location, time-tagging, and other such details of the mails in question. Every email has a long tracking mechanism, which is not visible to us users, from where the Sys Admin guy or the Cyber Crime cops figure out the details.
Coming to 'what next,' suggest informing the current employer to check with the System Admin guy. If they aren't keen to do so, suggest filing a Police Complaint [in Cyber Crimes Cell] with all the facts of the case. They will do the necessary checks of where the mail(s) came from, etc.
All the Best.
Rgds,
TS
From India, Hyderabad
Acknowledge(0)Amend(0)
Hello,
Your posting is both disturbing and confusing—'disturbing' since you mention it's a MNC and 'confusing' since it's within their purview and capability to verify the veracity of the complaint/claim of identity misuse.
In such cases, CCTVs are not what need to be checked. The System Admin guy comes into the picture to check out the usage of the ID, including the location, time-tagging, and other such details of the mails in question. Every email has a long tracking mechanism—which is not visible to us users—from where the Sys Admin guy or the Cyber Crime cops figure out the details.
Coming to 'what next,' I suggest informing the current employer to check with the System Admin guy. If they aren't keen to do so, suggest filing a Police Complaint in the Cyber Crimes Cell with all the facts of the case. They will do the necessary checks of where the mail(s) came from, etc.
All the Best.
Regards,
TS
First of all, sorry if you found this post disturbing, but I didn't mention any names due to the reputation issue of MNCs. I just want to highlight the importance of the issue.
Sorry in advance for the very long reply, but kindly understand the complexity of the problem by just reading the following case scenario with a calm mind as it is a matter of someone's life and career.
Whatever you have suggested, I appreciate it. I already know about email tracing, time-tagging, etc., and it's now very old as it has been used since the era of the UNIX mail system by tracing the hopping of mail from one system to another.
As per your suggestion, the usage of the ID, including the location, time-tagging, and other such details of the mails, etc., have all been easily available without inquiry, due to the high-end cloud-based monitoring system of the mail system.
Even after all that exercise for tracing the criminal, the problem is that the guy whose credentials are misused had gone for a tea break or lunch during that misuse time, and someone had taken remote desktop and committed the crime.
Unfortunately, there is no swipe mechanism from the workroom to the cafeteria. Only the check-in time to the office building and check-out time from the office building is noted in the system.
So, it is a fact that a particular guy's system is misused, but it can't be judged just by logs as that guy is away from his system for a very long time.
As there is no restriction on the minimum daily work hours completion and no workload during that time, that guy is away from the system as other guys, so no one is in that room when the crime was committed by remote desktop.
Only some prank mail is sent from that guy's system by using ex-employers' employee's email ID to higher authorities.
Both of the MNCs do not disclose what is in that mail, but both agree that nothing much harassing or any adult content, blackmailing, or threats of murder, etc.
But still, they made this matter an issue of their pride.
As the above-mentioned two MNCs do not want to spoil their reputation by involving the police or cyber crime cops, they simply judged that if that guy's system is misused, then he is solely responsible.
They are not even giving a second chance by just warning a guy who is also a victim of the misuse of his/her credentials.
It is a very heavy punishment for a guy because:
- His/her relation with the ex-employer is now bitter forever.
- His/her current employer terminated him/her.
From India, New Delhi
Acknowledge(0)Amend(0)
Your posting is both disturbing and confusing—'disturbing' since you mention it's a MNC and 'confusing' since it's within their purview and capability to verify the veracity of the complaint/claim of identity misuse.
In such cases, CCTVs are not what need to be checked. The System Admin guy comes into the picture to check out the usage of the ID, including the location, time-tagging, and other such details of the mails in question. Every email has a long tracking mechanism—which is not visible to us users—from where the Sys Admin guy or the Cyber Crime cops figure out the details.
Coming to 'what next,' I suggest informing the current employer to check with the System Admin guy. If they aren't keen to do so, suggest filing a Police Complaint in the Cyber Crimes Cell with all the facts of the case. They will do the necessary checks of where the mail(s) came from, etc.
All the Best.
Regards,
TS
First of all, sorry if you found this post disturbing, but I didn't mention any names due to the reputation issue of MNCs. I just want to highlight the importance of the issue.
Sorry in advance for the very long reply, but kindly understand the complexity of the problem by just reading the following case scenario with a calm mind as it is a matter of someone's life and career.
Whatever you have suggested, I appreciate it. I already know about email tracing, time-tagging, etc., and it's now very old as it has been used since the era of the UNIX mail system by tracing the hopping of mail from one system to another.
As per your suggestion, the usage of the ID, including the location, time-tagging, and other such details of the mails, etc., have all been easily available without inquiry, due to the high-end cloud-based monitoring system of the mail system.
Even after all that exercise for tracing the criminal, the problem is that the guy whose credentials are misused had gone for a tea break or lunch during that misuse time, and someone had taken remote desktop and committed the crime.
Unfortunately, there is no swipe mechanism from the workroom to the cafeteria. Only the check-in time to the office building and check-out time from the office building is noted in the system.
So, it is a fact that a particular guy's system is misused, but it can't be judged just by logs as that guy is away from his system for a very long time.
As there is no restriction on the minimum daily work hours completion and no workload during that time, that guy is away from the system as other guys, so no one is in that room when the crime was committed by remote desktop.
Only some prank mail is sent from that guy's system by using ex-employers' employee's email ID to higher authorities.
Both of the MNCs do not disclose what is in that mail, but both agree that nothing much harassing or any adult content, blackmailing, or threats of murder, etc.
But still, they made this matter an issue of their pride.
As the above-mentioned two MNCs do not want to spoil their reputation by involving the police or cyber crime cops, they simply judged that if that guy's system is misused, then he is solely responsible.
They are not even giving a second chance by just warning a guy who is also a victim of the misuse of his/her credentials.
It is a very heavy punishment for a guy because:
- His/her relation with the ex-employer is now bitter forever.
- His/her current employer terminated him/her.
From India, New Delhi
Acknowledge(0)Amend(0)
The first post you have made is very confusing. The language, grammar, and sentence completion were disregarded, making it close to gibberish. Thankfully, your second mail is clear.
Most offices have a rule that you are required to lock your PC when you are not at your desk. Either your friend didn't do that or had shared his password, enabling someone to enter the system.
There is no proof that it was done by remote desktop control. If that were the case, obviously, he would not have been blamed. In fact, if remote desktop was used, the sys admin would know where the mail actually went from, as there would be a tracking record of the same. How do you say it was done by remote desktop?
All MNCs and most corporations take a very serious view of any employee careless with IT resources. If you let someone access or use your IT resources, you put the company's information at risk. They do not want such people in the company.
I know of a certain department in IBM where any unlocked laptop (they need to physically lock their laptop with a chain provided) is picked up by IT, and their department head has to come and take it back with an explanation for the error of leaving it unattended.
Every MNC has a grievance settlement mechanism. Your friend should have approached the concerned person in HR. He can still approach the forum and seek help if he is really not guilty.
Actually, the problem is that many employees make excuses, saying, "I was not there, someone else used it," etc. I am sure the concerned manager must have checked with their IT department to see who actually sent it.
Finally, of course, if you think someone used your ID and you are being victimized, you can always approach the cyber crimes department of the police for help.
Please tell us in what way has the company harassed the employee apart from termination?
From India, Mumbai
Acknowledge(0)Amend(0)
Most offices have a rule that you are required to lock your PC when you are not at your desk. Either your friend didn't do that or had shared his password, enabling someone to enter the system.
There is no proof that it was done by remote desktop control. If that were the case, obviously, he would not have been blamed. In fact, if remote desktop was used, the sys admin would know where the mail actually went from, as there would be a tracking record of the same. How do you say it was done by remote desktop?
All MNCs and most corporations take a very serious view of any employee careless with IT resources. If you let someone access or use your IT resources, you put the company's information at risk. They do not want such people in the company.
I know of a certain department in IBM where any unlocked laptop (they need to physically lock their laptop with a chain provided) is picked up by IT, and their department head has to come and take it back with an explanation for the error of leaving it unattended.
Every MNC has a grievance settlement mechanism. Your friend should have approached the concerned person in HR. He can still approach the forum and seek help if he is really not guilty.
Actually, the problem is that many employees make excuses, saying, "I was not there, someone else used it," etc. I am sure the concerned manager must have checked with their IT department to see who actually sent it.
Finally, of course, if you think someone used your ID and you are being victimized, you can always approach the cyber crimes department of the police for help.
Please tell us in what way has the company harassed the employee apart from termination?
From India, Mumbai
Acknowledge(0)Amend(0)Looking for something specific? - Join & Be Part Of Our Community and get connected with the right people who can help. Our AI-powered platform provides real-time fact-checking, peer-reviewed insights, and a vast historical knowledge base to support your search.