By Dave Oswald
Did you know that email isn’t – and was never designed to be – a secure way to communicate? Fake emails can be created quickly and doctored to look genuine and perfectly legitimate.
We’ve done many investigations that illustrate how easily email can be manipulated. Unfortunately, too often people don’t challenge or question the authenticity of emails.
One of our investigations dealt with a female employee, “Joan”, who presented dozens of emails to the HR department, which a male colleague, “Bob”, had sent her. They started relatively innocently, with compliments on her looks, but soon made 50 Shades of Grey look mild as they became more lewd and suggestive.
The HR Manager called Bob in to discuss the emails. Bob denied having sent the emails and was insistent that he never had, nor would ever write emails to Joan in this light.
The company called Forensic Restitution in to prove Bob sent the emails. It was the company’s intent to fire him, based on their policies and the nature of the emails, but with Bob’s rebuttal of the emails, they wanted to be sure. The only proof the company had was the hardcopies of Joan’s emails when lodging her claim as Joan had stated that she had deleted the electronic version.
The company did not have an email archiving system, so Forensic Restitution imaged Bob’s computer to investigate if the emails were on Bob’s computer. No trace of the offensive emails were found. Forensic Restitution then used word patterning to determine if the same type of wording was used in other emails. Again nothing was found. Joans computer was then imaged, and we discovered that the author of the offensive emails was non other than Joan
Joan had sent the emails to herself. She’d figured out how to change email addresses from her email to Bob’s email address and had then sent the emails purporting to be from Bob to herself.
When we questioned her, she stated she did not like Bob and wanted to get him fired. The two employees sat next to each other and she admitted that she did not like his actions. Since she liked her job, she figured the best solution was to set him up. In the end, she was forced to leave.
In another case, a man , Kevin, lied on his CV to get a job, claiming that he had an accounting degree. Kevin started by forging an email from a University confirming that he had his degree. The employment agency accepted the email, and did not follow up on its validity. Kevin was put forward for an accounting position that he obtained.
After working at the company for three months, Kevin sent an email to the Payroll Department pretending to be from his boss, indicating that Kevin’s pay was due to be increased as he had completed his probation period. As Kevin’s boss was a hard person, no one questioned her decisions. Everyone just accepted that the boss had spoken and his salary was updated.
Once his three-month probation passed, he sent another email and got a $30,000 bonus. Nothing was ever questioned, so he rewarded himself with more money, almost doubling his salary, even adding on a year-end bonus. After 18 months, he was finally caught.
The fake emails weren’t what actually tripped him up: he used the company credit card while on vacation. The credit card company contacted the employer to alert them of the card’s use. This “well-paid” employee stole about $400,000 in total.
Forensic Restitution investigated an employee “Karen” at an insurance company. We found Karen had faked emails to receive money for false claims she’d made on behalf of a large client. Karen submitted eight claims over a year. None of them were flagged or checked because they were within her signing authority.
At the end of the year, the department manager met the client for lunch and the topic of the claims came up. The manager mentioned that it must have been a hard year for the company because of the number of claims they submitted.
Dismayed, the client said they hadn’t submitted anything that year, and an investigation was launched. We were able to prove the amount of money the employee had stolen.
Other details uncovered in the investigation revealed that she’d had affairs with two of her bosses. They agreed not to tell on her if she didn’t tell on them, and she was allowed to resign rather than be fired.
In all these instances, the emails had been tampered with. If an email appears odd in any way, it’s better to pick up the phone and call the person to confirm.