Am I involved in something illegal?

[Angeline Malik]

I joined NP a few days ago and as I indicated in my first post in the meet and greet area, I’m a software developer, my knowledge about domain names is limited. I have a question and I’d be extremely grateful if experienced domainers can help me.

I have a small software company comprising a few developers. We have clients mostly from the USA, UK and Middle East. A year ago, we added a new segment to our business: providing online/ ticket based technical support to the customers of our clients.

A few months ago, one such client outsourced to us a couple of their websites for customer support. Let’s say for understanding purposes one of the sites’ name is tesla.com. When we were given the access to the email accounts and the second we set up MS Outlook, we found loads of emails but not intended for tesla.com, instead for different financial institutions like teslabank.com, teslainsurance.com and many others.

Upon further investigation we discovered that people in the bank and insurance etc promote themselves as tesla and when their customers write to them, many tend to forget to add bank, insurance after tesla and all such unrouted communications are delivered to the default email address of tesla.com, which is, say, support at tesla.com.

The funny thing is that people in the tesla bank and tesla insurance also make such mistakes and their internal emails also make their way to tesla.com’s default email address.

We contacted the owner of the website but s/he was not bothered. S/he said the people in the bank and insurance have been aware of all that for several years and they are least bothered. Whatever you receive for them, treat it like junk and delete it from your PC.

My question is if we, the support team, are involved in anything illegal? These messages which look sensitive in their nature as they carry confidential pieces of information about money, transfer, bank accounts, insurance, individuals and organisations, etc I find it difficult to comprehend that a bank or financial institution will not be bothered after knowing the extent of this kind of breach of security.

What’s the best course of action for us? Should we stop providing customer service to this client? Is it a serious issue or am I being paranoid unnecessarily?

 

[Angeline Malik]

@Kate , “I don't understand the purpose of this thread.”

The purpose of the thread is to learn how to stay out of the trouble whilst earning your legitimate livelihood.

@Avtar629 , “Sure did blow up this thread and get eyes on it. I'm sure OP can appreciate that at least.”

If that was the intention, then hats off to you.

@jberryhill , I don’t have words to describe my gratitude to you. I understand and value every word you have said in your post and take them on board. You are absolutely right, there are many other ways for your customers to reach out to you, it doesn’t only depend on catch all emails feature. Instead it may turn out to be a liability as you rightly pointed out, it’s really an eye-opening post for me.

As you are aware, we, software developers, turn this feature on without any malicious intention, it’s just a feature and we want to utilise it. In this case, it turned out to be behaving differently. Anyway, lesson learnt, spoke to the owner and s/he doesn’t mind turning this feature off, so already implemented.

Thanks again for this priceless advice, Dr J Berryhill!

 

[dnk]

I have some .in domain names and receive emails for .co.in domain name, looking for a solution. Do the other companies want to buy the domain

 

[Ategy]

@Angeline Malik ...

1) Don't take legal advice on serious real world situations in an open forum of relatively anonymous users.
2) Get real legal council specific to your jurisdiction.
3) COVER YOUR ASS! lol

By #3 I mostly mean what @Kate said ... make sure you clearly document that you've informed your client of the emails in question.


Personally (not real legal advice), this really doesn't seem like a big deal at all .. AS LONG AS .. you don't use or reshare the information in question. Personally I'd just delete everything.

4) See #2

 

[MapleDots]

Personally I would take the main email addresses and bounce them back.
I would advise my client to use something different because of the possibility of confusion with the other company (that is just good business sense to me).

So if you get incorrect email to info@tesla bounce them back and advise your client to use sales@ or contact@ etc.

I own MBCanada.com and used to get emails for Mercedes-Benz Canada. I simply bounced them back and the person sending it made a correction and it did not recur. I made sure the address I was using was different from what they were using and today it is no longer an issue.

I did this to protect myself from any legal ramifications, I did not do it for ethical reasons. I just figured the emails were none of my business and I will take steps to assure the originating sender was properly notified.

PS. and it goes without saying.... turn off catch all.

 

[Jv1999]

I joined NP a few days ago and as I indicated in my first post in the meet and greet area, I’m a software developer, my knowledge about domain names is limited. I have a question and I’d be extremely grateful if experienced domainers can help me.

I have a small software company comprising a few developers. We have clients mostly from the USA, UK and Middle East. A year ago, we added a new segment to our business: providing online/ ticket based technical support to the customers of our clients.

A few months ago, one such client outsourced to us a couple of their websites for customer support. Let’s say for understanding purposes one of the sites’ name is tesla.com. When we were given the access to the email accounts and the second we set up MS Outlook, we found loads of emails but not intended for tesla.com, instead for different financial institutions like teslabank.com, teslainsurance.com and many others.

Upon further investigation we discovered that people in the bank and insurance etc promote themselves as tesla and when their customers write to them, many tend to forget to add bank, insurance after tesla and all such unrouted communications are delivered to the default email address of tesla.com, which is, say, support at tesla.com.

The funny thing is that people in the tesla bank and tesla insurance also make such mistakes and their internal emails also make their way to tesla.com’s default email address.

We contacted the owner of the website but s/he was not bothered. S/he said the people in the bank and insurance have been aware of all that for several years and they are least bothered. Whatever you receive for them, treat it like junk and delete it from your PC.

My question is if we, the support team, are involved in anything illegal? These messages which look sensitive in their nature as they carry confidential pieces of information about money, transfer, bank accounts, insurance, individuals and organisations, etc I find it difficult to comprehend that a bank or financial institution will not be bothered after knowing the extent of this kind of breach of security.

What’s the best course of action for us? Should we stop providing customer service to this client? Is it a serious issue or am I being paranoid unnecessarily?

hackerz dream ^_^