Dynadot

Am I involved in something illegal?

Spaceship Spaceship
Watch

Angeline Malik

Established Member
Impact
32
I joined NP a few days ago and as I indicated in my first post in the meet and greet area, I’m a software developer, my knowledge about domain names is limited. I have a question and I’d be extremely grateful if experienced domainers can help me.

I have a small software company comprising a few developers. We have clients mostly from the USA, UK and Middle East. A year ago, we added a new segment to our business: providing online/ ticket based technical support to the customers of our clients.

A few months ago, one such client outsourced to us a couple of their websites for customer support. Let’s say for understanding purposes one of the sites’ name is tesla.com. When we were given the access to the email accounts and the second we set up MS Outlook, we found loads of emails but not intended for tesla.com, instead for different financial institutions like teslabank.com, teslainsurance.com and many others.

Upon further investigation we discovered that people in the bank and insurance etc promote themselves as tesla and when their customers write to them, many tend to forget to add bank, insurance after tesla and all such unrouted communications are delivered to the default email address of tesla.com, which is, say, support at tesla.com.

The funny thing is that people in the tesla bank and tesla insurance also make such mistakes and their internal emails also make their way to tesla.com’s default email address.

We contacted the owner of the website but s/he was not bothered. S/he said the people in the bank and insurance have been aware of all that for several years and they are least bothered. Whatever you receive for them, treat it like junk and delete it from your PC.

My question is if we, the support team, are involved in anything illegal? These messages which look sensitive in their nature as they carry confidential pieces of information about money, transfer, bank accounts, insurance, individuals and organisations, etc I find it difficult to comprehend that a bank or financial institution will not be bothered after knowing the extent of this kind of breach of security.

What’s the best course of action for us? Should we stop providing customer service to this client? Is it a serious issue or am I being paranoid unnecessarily?
 
0
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Ummmm save data.

And contact news agencies where most of the emails are from save that email.

Be part of class action suit.

Recently many news stories in the USA about Target and Staples and Home Depot point of sale systems were hacked and millions of sensitive customer info was acquired. Mostly credit card info.

Pm me. A case like this referred to the proper lawyer is worth a very nice finder's fee.

Pm me with your details and I'll shop it around some lawyers.

Save all emails and data. Erase nothing .

Open no more emails as it will show proof you did not see this data. I'm sure there's record of when and where emails are seen via ip.

This is a big deal. Don't worry about your client.
If we do this right you can afford to lose this client.

Big payday if you are interested.PM me.

How many emails are we talking about? And are they still coming in?

Data like this is being trade in the Dark Web.

I think this is what your client is doing.

Be careful. People like this are also the kind you do not want to mess with.

If anything the Money is not in snitching on your client as your client I suspect has alias and can disappear. it's more about that damaging email from the Company you contacted. Saying it is "okay" and they "know all about it for years"

You can make money from this selling to a lawyer and or sell the story to a news agency.
 
4
•••
Hi.

To be honest, based on your description I don't exactly understand the situation. For me it sounds either that one company or website (A) just gets by mistake e-mails that are not intended for A but for a company/website which has a similar name as A.

On the other hand it also sounds as if A and the other companies/websites might be affiliated with each other - subsidiaries or something like that. You write that "one such client outsourced to us a couple of their websites for customer support".

Anyway, I was wondering if technical support/software developers should rather focus on technical aspects of e-mail configurations, etc. instead of the content of e-mails? It sounds like you haven't just read the headers of e-mails which might automatically happen when setting something up?

Data like this is being trade in the Dark Web.

Something like this sounds definitely illegal, but requires proof and seems based on the information provided by the thread opener very speculative.
 
Last edited:
3
•••
Hi.

To be honest, based on your description I don't exactly understand the situation. For me it sounds either that one company or website (A) just gets by mistake e-mails that are not intended for A but for a company/website which has a similar name as A.

On the other hand it also sounds as if A and the other companies/websites might be affiliated with each other - subsidiaries or something like that. You write that "one such client outsourced to us a couple of their websites for customer support".

Anyway, I was wondering if technical support/software developers should rather focus on technical aspects of e-mail configurations, etc. instead of the content of e-mails? It sounds like you haven't just read the headers of e-mails which might automatically happen when setting something up?



Something like this sounds definitely illegal, but requires proof and seems based on the information provided by the thread opener very speculative.

This sounds like a scammer using a sneaky domain that they bet will be what certain bank emplyoees of a certain bank will mistakenly input when sending out an email.

I read an article about this where some employee of a bank tired and sleep or just busy mistakenly added extra into in the email address and sent out hundreds of thousands of files of customers to the wrong email. Luckily the email owner was honest and sent it back. Of course he probably sent the story to the news or else we wouldn't know about this ever happening.

Now imagine how many stories like this Do happen without anyone ever knowing?

That's the scary part.
 
2
•••
Your client is right. Treat it like SPAM. You have no obligation to reroute miss labelled mail.

Imagine if it was obligatory to address any email. You could really shut down your competition down with a few spam campaigns.

Your client got the best domain it seems. Unless the bank or what ever wants to pony up they will miss some of their email. Unless of-course its a trademarked term. Then I would perhaps start to consider if it was the right client to represent.
 
2
•••
A case like this referred to the proper lawyer is worth a very nice finder's fee.

Oh, yes, by all means give your confidential information to someone you don't know, and who will hook you up with a lawyer who is paying him to do so, instead of one who is most competent to deal with the situation.

Incidentally, many US jurisdictions make this sort of arrangement illegal.
 
7
•••
Oh, yes, by all means give your confidential information to someone you don't know, and who will hook you up with a lawyer who is paying him to do so, instead of one who is most competent to deal with the situation.

Incidentally, many US jurisdictions make this sort of arrangement illegal.

Illegal? How would something like referring a case illegal?

What about all those referral sites for Mesothelioma that make ( supposedly) a ton of money on Mesothelioma domains ?

Lawyers get referrals all the time from every Tom ,Bill and Harry.

Never knew this was illegal in some states.
Why would it be?

This I gotta hear. Go ahead shoot.
 
1
•••
Oh, yes, by all means give your confidential information to someone you don't know, and who will hook you up with a lawyer who is paying him to do so, instead of one who is most competent to deal with the situation.

Incidentally, many US jurisdictions make this sort of arrangement illegal.

If you are talking about the confidential info in the emails ? If goes without saying that never crossed my mind.

Never hand that over.

But that email where the bank employee admits to knowing this stuff is going on?

That is usable .

As far as the data. Once the right lawyer is found. That lawyer I'm assuming can make arrangements for the proper authorities to come get it.

That way the lawyer doesn't see it.

Again in hindsight I'm realizing now all this might be dangerous for the op as whoever this client might be , might be part of some larger criminal organization .
 
1
•••
Avatar its clear to everyone that you open your mouth before brain has been connected.

Why do you insist on guiding people on subjects you know nothing about?

Often your advice is silly and non sensical. But sometimes you are suggesting people to take illegal action. Like in this case. You are more dangerous than you think.
 
8
•••
Hi.

To be honest, based on your description I don't exactly understand the situation. For me it sounds either that one company or website (A) just gets by mistake e-mails that are not intended for A but for a company/website which has a similar name as A.

On the other hand it also sounds as if A and the other companies/websites might be affiliated with each other - subsidiaries or something like that. You write that "one such client outsourced to us a couple of their websites for customer support".

Anyway, I was wondering if technical support/software developers should rather focus on technical aspects of e-mail configurations, etc. instead of the content of e-mails? It sounds like you haven't just read the headers of e-mails which might automatically happen when setting something up?



Something like this sounds definitely illegal, but requires proof and seems based on the information provided by the thread opener very speculative.


I know that such things need proof and at best is speculative but do we have the luxury of waiting and debating on where this is illegal or not while this data gets into the hands of criminals.

I've had my mother scammed over the phone by someone who sounded indian (sorry India) and shes 75 and she actually gave her birthday and social.

And now I have to pay all the credit bureaus to monitor her stuff and got lifelock for her too.

And now she doesn't answer the phone ever.
 
0
•••
I know that such things need proof and at best is speculative but do we have the luxury of waiting and debating on where this is illegal or not while this data gets into the hands of criminals.

I think the thread openers information doesn't really give enough information to determine that any data is getting into the hands of criminals.

Additionally to the thread opener: If I suspected or feared that my company might be involved in something illegal conducted by one of my clients, I would ask a lawyer for advice and not the members of a domaining forum.
 
4
•••
Avatar its clear to everyone that you open your mouth before brain has been connected.

Why do you insist on guiding people on subjects you know nothing about?

Often your advice is silly and non sensical. But sometimes you are suggesting people to take illegal action. Like in this case. You are more dangerous than you think.


Look if I'm wrong then prove it. I've been corrected before. And if I'm wrong hey I'm grown I can accept it.

If anything it's a learning experience for me.
So win win either way.

But taking the opportunity to take pot shots at somebody is more telling about a person's character .

Than some guy who yea sure is talking out his ass. Lol

As you have pointed out. Everyone is watching me.

But in truth everyone is watching everyone on here.

I challenge to show proof that I ever kick a guy while he's down or put salt on an open wound on here.

I know I haven't.

Can you say the same?

But either way thanks as always for the input.

I can only talk about what I know and I have referred several cases to lawyers in the past.

And to my knowledge I haven't had the cops knocking on my door yet.

As for OP? Speak to a lawyer. The worse thing that can happen is they turn you down as there is no case . Perhaps jberryhill?
 
1
•••
I think the thread openers information doesn't really give enough information to determine that any data is getting into the hands of criminals.

Additionally to the thread opener: If I suspected or feared that my company might be involved in something illegal conducted by one of my clients, I would ask a lawyer for advice and not the members of a domaining forum.


Ditto on that last bit
 
0
•••
It's not a breach of security but a HUMAN error behind these emails you get.

If someone sends an email to Your.Email in stead of (their intended address) YourBank.Email, the blame is on the side of the sender, not the receiver.

You're not involved in anything illegal, as long as you don't do anything with this (confidential) information.

Like your client said, treat as JUNK and delete.

Focus on the support questions, rather than spending time being paranoid.
 
3
•••
Never knew this was illegal in some states.
Why would it be?

Because of a long history of law, and law practice, of which your posts regularly show you to be profoundly ignorant, but which apparently has no impact on the level of confidence and bluster you demonstrate.

Florida, for example, implemented a number of rules after such entertaining examples of this practice which included a guy dressed up as a priest who showed up at an airport where family members were gathering to receive news after a plane crash. He would pray with them, and hand them a lawyer's card.

There's a lot of fine print on those mesothelioma advertisements which, in general, are advertisements by actual law firms, and which exclude a lot of states.

I occasionally get emails from people like you along the lines of, "I'm looking for a good lawyer for (some domain situations), do you have any experience with that?" Since I am not a ventriloquist who speaks through other people, I generally state that I'd be glad to consult with the person who has the problem. I am then told I need to pay $X. So, what it boils down to is that people like you are not really looking to get quality legal help for your victims, you are simply looking to find the lawyer who is probably so awful, lacking in reputation, and so desperately in need of work, that they have to pay you to get clients.

So, here are some rules in Pennsylvania, for example:

http://www.padisciplinaryboard.org/...ia-rules-of-professional-conduct.php#rule-7.3


Rule 7.3 Solicitation of Clients
  1. A lawyer shall not solicit in-person or by intermediary professional employment from a person with whom the lawyer has no family or prior professional relationship when a significant motive for the lawyer’s doing so is the lawyer’s pecuniary gain, unless the person contacted is a lawyer or has a family, close personal, or prior professional relationship with the lawyer. The term "solicit" includes contact in-person, by telephone or by real-time electronic communication, but, subject to the requirements of Rule 7.1 and Rule 7.3(b), does not include written communications, which may include targeted, direct mail advertisements.
Rule 7.7 Lawyer Referral Service
  1. A lawyer shall not accept referrals from a lawyer referral service if the service engaged in communication with the public or direct contact with prospective clients in a manner that would violate the Rules of Professional Conduct if the communication or contact were made by the lawyer.
  2. A "lawyer referral service" is any person, group of persons, association, organization or entity that receives a fee or charge for referring or causing the direct or indirect referral of a potential client to a lawyer drawn from a specific group or panel of lawyers.
 
7
•••
I've been an insurance agent for over 25 years. The idea of sending confidential client information to the wrong party is horrifiying. Those banks and insurance companies are opening themselves up to huge liability by not taking corrective action to make sure their employees never send confidential customer information to the wrong email address.

I'm not a lawyer, but I don't see how you or your client are doing anything illegal as long as neither of you use that confidential information. The fact that your client has made those other companies aware of this problem shows goodwill on your clients part.
 
4
•••
To the OP, please ignore any advice from @Avtar629. You have come on here for help, and he's just trying to think of any means to make money from it even if it's unethical.

It's not a breach of security but a HUMAN error behind these emails you get.

If someone sends an email to Your.Email in stead of (their intended address) YourBank.Email, the blame is on the side of the sender, not the receiver.

You're not involved in anything illegal, as long as you don't do anything with this (confidential) information.

Like your client said, treat as JUNK and delete.

Focus on the support questions, rather than spending time being paranoid.

This.

It's the fault of the sender not the receiver, your employer is not at fault. Ignore the emails and delete.

Just my opinion.
 
Last edited:
2
•••
Wait wait
Agreed deleting these emails is the right move.

But can the client have access to this info or is the inbox set up to forward emails to a different email address prior to having the ability to delete?

If that's possible then deleting the emails would be useless.

Criminals these days are sophisticated. They can come up with things we never thought of.
 
0
•••
We talk about this data from a perspective of it not being our data.

But if it was ours?

None of this "accidental" or "innocent" or "harmless" sending emails with our personal info would even matter I bet.

All that matters is that our personal stuff is or was in the hands of someone who shouldn't.

Even if they deleted it.

Would you feel comfortable knowing it was in their hands?

I feel uncomfortable just telling my credit card rep over the phone my social security to verify me and ask them to try some other way.
 
0
•••
Look if I'm wrong then prove it. I've been corrected before. And if I'm wrong hey I'm grown I can accept it.

...because you don't have to deal with the consequences which may befall someone under the mistaken impression you are in possession of a clue.
 
5
•••
To the OP, please ignore any advice from @Avtar629. You have come on here for help, and he's just trying to think of any means to make money from it even if it's unethical.



This.

It's the fault of the sender not the receiver, your employer is not at fault. Ignore the emails and delete.

Just my opinion.

Lol you know me lucid always trying to work the angles.

But advising people to do unethical things that you know is unethical vs. Advising people to do unethical things not knowing it was unethical are two totally different things .

I can only speak of what I've done and seen on my end and proceed to talk from there.

Perhaps what I advise is unethical in some states or country of which I had no idea. But where I'm located as far as I know it's ethical.

But don't quote me

Breach in security and the mishandling of client personal info has been on the news headlines.

I did not make that up.

When it comes to identity theft which most likely this isn't. Do we have the luxury of being relaxed about it.

I'm sorry but to protect the people. Every incident like this that smells fishy should be scrutinized.

Ultimately this not about making a fast buck it's about making sure nothing criminal is going on 100% not 50% or 10%.

As for the fast buck. There was never any guarantee I'd get any commission for the referral.

So that can't be my only motivation for my advice.

I never knew protecting people's identity was unethical?
 
0
•••
1
•••
...because you don't have to deal with the consequences which may befall someone under the mistaken impression you are in possession of a clue.

OP contact a lawyer. That has always been my underlying advice on here. Take it or leave it. I'm done.
 
0
•••
0
•••
But where I'm located as far as I know it's ethical.

Yes, and if you put "as far as I know" in statements like that, then as long as you continue to demonstrate that you "know" virtually nothing, you're fine:

New Jersey:

http://www.judiciary.state.nj.us/rules/rpc.pdf

RPC 7.2
Advertising

(c)
A lawyer shall not give anything of value to a person for recommending the lawyer's services, except that: (1) a lawyer may pay the reasonable cost of advertising or written communication permitted by this Rule; (2) a lawyer may pay the reasonable cost of advertising, written communication or other notification required in connection with the sale of a law practice as permitted by RPC 1.17; and (3) a lawyer may pay the usual charges of a not-for-profit lawyer referral service or other legal service organization.


New York:

https://www.nycourts.gov/rules/jointappellate/NY-Rules-Prof-Conduct-1200.pdf


RULE 7.2:
PAYMENT FOR REFERRALS
(a)
A lawyer shall not compensate or give anything of value to a person or
organization to recommend or obtain employment by a client, or as a reward for having
made a recommendation resulting in employment by a client, except that:

(1)
a lawyer or law firm may refer clients to a nonlegal professional or
nonlegal professional service firm pursuant to a contractual relationship with such
nonlegal professional or nonlegal professional service firm to provide legal and
other professional services on a systematic and continuing basis as permitted by
Rule 5.8, provided however that such referral shall not otherwise include any
monetary or other tangible consideration or reward for such, or the sharing of legal
fees; and

(2)
a lawyer may pay the usual and reasonable fees or dues charged by a qualified legal assistance organization or referral fees to another lawyer as permitted by Rule 1.5(g).

-------

And, if you want to improve the generally poor condition of "as far as I know", you might check out the further information on those rules available at those links.

You might also notice that the relevant rule, in Pennsylvania, New Jersey and New York is numbered "7.2", but there are slight differences in wording.

That is because most jurisdictions have adopted the general form of the ABA Model Rules, and altered them to suit what the lawyers in that jurisdiction believe to be appropriate. So the general subject area of the relevant rules in any particular state is usually found in the same numbered sections of their particular ethics regulations.
 
3
•••
Back