Social Engineering Legalities

JohnnyMCE

Member
Apr 13, 2006
I know a person that works with a smaller-sized not-for-profit organization (approx. 20 people). They really don't have much IT to speak of; they all use their own personal e-mail accounts for work (Yahoo, Hotmail, Gmail, Comcast, etc.). Within the past 3 months they have had an issue where a former employee has been e-mailing all the people trying to push an agenda, nothing to call the police over (almost bordering), but the head of the non-profit would like it to stop. Now the e-mails have all come from two different Yahoo accounts. They are going to send me the headers, but I doubt that is going to amount to much. That leaves my options being to try to guess the password and log into those Yahoo accounts (but that does count as hacking and would be illegal), or I was wondering what if I were to e-mail the person saying I believe in their cause and would like to help them, and try to find out who they are that way.

My two questions are: is that second method even legal? Also, is there any other way I could try to figure out who this individual is?
 

seepy83

Platinum Member
Nov 12, 2003
From a technical standpoint, you're probably not going to find out who the person is without getting law enforcement involved, and they would need to get a subpoena to get log files from Yahoo and the sender's ISP to find out what residence the emails were sent from.

As for the social engineering approach, I'm not a lawyer and definitely am not qualified to give legal advice, but I assume it is perfectly legal to send an email asking how you can help someone or who they are.

In the end, the best approach is to either seek legitimate legal advice or get the police involved. At the very least, the emails might be considered harassment, which could be enough for the police to get a subpoena.
 

RebateMonger

Elite Member
Dec 24, 2005
Hacking into somebody's personal email account is not legal. And, without headers, you can't even be sure that the origination email accounts are even valid. Finally, since these "company" email accounts are privately owned, you'd want permission from each of the employees before you try to stop somebody from sending them private email.

You'd have more to work with if the company provided the email and had control of it. The company could then block emails and could make complaints.