• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Social Engineering Legalities

J

JohnnyMCE

Member
I know a person that works with a smaller sized not for profit organization (approx 20 people). They really don't have much IT to speak of they all use their own personal e-mail accounts for work(yahoo, hotmail, gmail, comcast,etc). Within the past 3 months they have had an issue where a former employee has been e-mailing all the people trying to push an agenda nothing to call the police over (almost bordering)but the head of the non profit would like it to stop. Now the e-mails have all come from two different yahoo accounts. They are going to send me the headers but i doubt that is going to amount to much. That leaves my options being try to guess the password and log into those yahoo accounts (but that does count as hacking and would be illegal) or i was wondering what if i were to e-mail the person saying i believe in their cause and would like to help them and try to find out who they are that way.

My two questions are is that second method even legal. Also is there any other way i could try and figure out who this individual is?
 
From a technical standpoint, you're probably not going to find out who the person is without getting law enforcement involved and they would need to get a subpeona to get log files from Yahoo and the sender's ISP to find out what residence the emails were sent from.

As for the social engineering approach, I'm not a lawyer and definitely am not qualified to give legal advice, but I assume it is perfectly legal to send an email asking how you can help someone or who they are.

In the end, the best approach is to either seek legitimate legal advice or get the police involved. At the very least, the emails might be considered harrassment which could be enough for the police to get a subpeona.
 
Hacking into somebody's personal email account is not legal. And, without headers, you can't even be sure that the origination email accounts are even valid. Finally, since these "company" email accounts are are privately owned, you'd want permission from each of the employees before you try to stop somebody from sending them private email.

You'd have more to work with if the company provided the email and had control of it. The company could then block emails and could make complaints.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top