Should I Ignore My Impersonator?
February 28, 2013 5:41 PM   Subscribe

Someone is creating accounts using my name and work email address on offensive sites. Looking for guidance on what to do.

I'm an executive at a large financial company with an easy to find online profile (industry press, linkedin, online blog, etc) for my industry. For the past year or so, someone has been using my professional email address and name to create online profiles with offensive and unprofessional sites (nothing illegal). The information that gets entered into the profiles is a mix between offensive and wildly unprofessional requests for friends/services and accurate information that only someone who actually knew me would know. I don't think the creator of the profiles is actually using them to impersonate me as much as I think they are using this process as a way to send me some sort of strange message. The perpetrator uses sites that don't validate email addresses (you know, good sites require you to validate your email address by sending you an email and having you click a verification link).

My primary tactic has been to ignore... registration email for false account comes into my email, I mark it as spam and move on. I'm concerned that I could be doing more. My primary concern is my job. I don't want anyone at work thinking that I use work resources for these types of activities. I'm also concerned about fanning the flames or letting on to anyone that this type of behavior gets a rise out of me (as not to spur an escalation). I have a hunch it's someone I work with but no proof. I went to HR and let them know what was going on - just to get it documented in case something goes really haywire - but that was it.

Any guidance is appreciated.
posted by anonymous to Human Relations (22 answers total) 5 users marked this as a favorite
 
Can't you just log in and delete or request that the accounts be deleted? I mean, if it's your email, you can do a lost password thing pretty easily and get the login info. You might even be able to get the IP history on the accounts to have a chance at seeing who opened them.
posted by Slinga at 5:49 PM on February 28, 2013 [9 favorites]


The information that gets entered into the profiles is a mix between offensive and wildly unprofessional requests for friends/services and accurate information that only someone who actually knew me would know. I don't think the creator of the profiles is actually using them to impersonate me as much as I think they are using this process as a way to send me some sort of strange message.

This part stood out to me as really alarming. Someone who does this may escalate things into weirder or even dangerous territory even if you go out of your way not to provoke it.

If HR hasn't done anything, I'd go to them again. And seriously consider passing on some of this to the cops. Maybe--hopefully--it's just someone playing a stupid prank, but that is far from the worst case scenario here, and in either case, you want this rigorously documented by people who deal with it professionally.
posted by kagredon at 5:52 PM on February 28, 2013 [11 favorites]


My primary tactic has been to ignore... registration email for false account comes into my email, I mark it as spam and move on.

Even sites that don't make you proactively prove you own the email address often have a small link at the bottom of that email saying "it wasn't you/you didn't register this? click here". If they do have that, it should be pretty easy to at least prevent some of the accounts from being created.
posted by jacalata at 5:55 PM on February 28, 2013


Besides HR, can you get your company's IT people to see if they can track this? Since it sounds likely that whoever is doing this also works at your company.
posted by easily confused at 6:05 PM on February 28, 2013 [11 favorites]


It was smart to tell HR. If I were you, I'd make sure I had some documentation of that: a follow-up email from an HR rep, a copy of their report, whatever.

I understand why you want to be vague about details, given your situation. On the other hand, if you are having trouble deciding whether to respond further, knowing all the facts, then it's thrice as difficult for others to give you advice in the dark.

Having said that, I would probably get the name of a good employment attorney who is familiar with your industry and give him/her a call. (If a friend or coworker can't give you a referral, try contacting whatever is the leading career-transition service in your locale. They should have some good names.) Explain your situation to the attorney over the phone, and ask if he/she thinks it would be worth your coming in for a conversation. If you get a good referral, you should get an honest answer—and if that answer is yes, then you'll get whatever advice you need.

I'm sorry this is happening to you. Good luck.
posted by cribcage at 6:07 PM on February 28, 2013


I don't think that going to HR again is going to help -- what would you want them to do for you?

I would keep a _very_ close eye on your credit reports -- to the point of even investigating how to put a hold on your credit so that accounts can't be opened without secondary verification from you.

I would also think long and hard about who you think could be doing this. If you've got anyone in your past (an ex? an angry neighbor?) who you think could consider escalating, then I would talk to the cops, just to get an idea of what they think you should be doing to protect yourself physically.
posted by sparklemotion at 6:08 PM on February 28, 2013 [2 favorites]


If I was one of those public personal cleanup companies that advertises heavily on NPR promising to expunge the internet of reputation harming pages, you would be the kind of client I dream of.

Sadly, that's an outlandish theory. More likely this is the work of the far less intriguing conspiratorials: Anonymous. You work for a financial company that people likely screwed someone somehow. Your biographic information is on the webpage, which makes you a target of opportunity, and more can be purchased / found.

I'm concerned that I could be doing more.

Well, accounts are being registered in your name and email address. Email addresses are pretty required to be unique in their registration system, so you could attempt to recover the password by email, and then change it to something ridiculusly long. That account is now under your control, and no more posts will come from it. And the user name is also required to be unique. On the other hand, they didn't require your approval via email before posting, so that's a problem that suggests the rest of the system might be broken in other ways.
posted by pwnguin at 6:20 PM on February 28, 2013


If I was one of those public personal cleanup companies that advertises heavily on NPR promising to expunge the internet of reputation harming pages, you would be the kind of client I dream of.

There are ways to suppress these search results, that's for sure - some you can even do yourself.

However, that's not the real issue. This seems to be more of a case of stalking than anything else. Maybe notify the police?
posted by KokuRyu at 6:34 PM on February 28, 2013


I second the above comments to (1) document your report to HR and (2) ask your IT department to try tracing the impersonator. And because your work email is involved, I would bring this matter to the attention of your company's in-house counsel or outside counsel, and document that as well.

Additionally, most websites' Terms of Use/Terms of Service forbid impersonation. As a first step, you could try contacting the websites -- first by phone, followed up by email or some other writing -- and asking them to remove these accounts. And the next time you get a registration email, don't just mark it as spam. Contact the website (again, in email or some other writing) and contest the registration request. I'm not saying you will have instant results or any results at all but some sites may take your request seriously.
posted by Majorita at 8:02 PM on February 28, 2013 [2 favorites]


This is online harassment. There are laws protecting you, use them.

http://www.ncsl.org/issues-research/telecom/cyberstalking-and-cyberharassment-laws.aspx
posted by roboton666 at 9:42 PM on February 28, 2013 [4 favorites]


I am thinking impersonating someone is illegal, even if all they are doing is typing in your name and email address. I know of kind of similar cases where it was definitely illegal, but usually the end result was them getting access to information, whether it's an email inbox or a free credit report etc. about their target. If you want to pursue it and get law enforcement or an attorney involved, seems like the websites could be subpoenaed to provide the IP address of whoever is registering as you and then the ISP would have to tell law enforcement authorities who it is.

If they are using your name AND email, that seems deliberate. And if they don't seem to be legitimately using the websites, that might be a red flag too. (I can't tell you how many times I was asked for an email address and I typed info@(bigwebsite).com knowing it was an automated email address and not wanting to use one of my own, or typed a 1-800 number into a form asking me for a phone number. It seems odd someone would somehow be using you to avoid typing in their own info but throwing it out there.) Especially if it's been going on for a while, I might do something.

Any possibility it's a mistake? Someone in your company with a similar name? I have a friend whose name is pretty straight forward, but apparently his last name can be spelled with or without an E. He has had job applications sent to McDonalds via his email address. He had some serious internal documents sent to him by a major internet company. He has had a bunch of email forwards sent to him. And none actually meant for him. People just mistyped it. And so on.

edit: The information that gets entered into the profiles is a mix between offensive and wildly unprofessional requests for friends/services and accurate information that only someone who actually knew me would know.

Sounds like stalking to me. I'd talk to police and/or a lawyer.
posted by AppleTurnover at 9:53 PM on February 28, 2013 [1 favorite]


Document to HR simply to cover your ass, because it's likely to end up getting worse. Mention it to your colleagues and boss as a "man, this is a hassle having to report this" aside as well. Plenty of people google people they work with, and if I googled someone and found their name turning up at an offensive site, I might mention it quietly to their boss if I was concerned about the company's reputation (e.g. a school teacher turning up on a barely-legal porn forum). You then saying it's a stalker/mistake will sound like a weak cover-up. Get in front of this now.

Set up a google alert on blogs and websites and twitter for your name and just regularly go through and unsubscribe from all the crap.
posted by viggorlijah at 9:57 PM on February 28, 2013 [7 favorites]


Something similar happened to a friend of mine (in terms of being harassed at work) and I strongly urge you to keep your supervisor in the loop plus whoever in administration is responsible for your departments purchasing, accounts etc. Document everything in emails to these people plus HR every time you see a new sign up. The fact that my friend did this (and also kept several other co-workers in the loop from the beginning) saved her from a world of shit later on. Save everything, document everything and send it all up the chain in writing. The more people who know this is going on and you have nothing to do with it the better.

At the very least you should be able to get a new work email, have the old one shut down and have them track whatever they can on your work network. If this comes back to you later on you can refer them to IT or your HR who can tell them that no, it was not you.

And for God's sake don't click or anything or visit any of these sites! Ever! Let IT or the cybercrime guys deal with it. Ask them to unsubscribe you. You work at a financial place- the fact that someone is trying to get you to visit some sites and has access to your email and some of your info should set off huge red flags I'd think.
posted by fshgrl at 9:59 PM on February 28, 2013 [3 favorites]


If you are at a Financial Services company that is a registered broker/dealer, in addition to you having already gone to HR, I would talk to compliance as well and go on record with them.
posted by JohnnyGunn at 10:19 PM on February 28, 2013


fshgrl has an excellent point. You are an excellent target for personalised phishing attacks.

You click on one of these sites to unsubscribe or whatever, the target website is compromised, and ~arbitrary infection~ happens.
posted by Urtylug at 12:17 AM on March 1, 2013


HIRE A PRIVATE INVESTIGATION FIRM WITH INTERNET SAVVY!

Your professional reputation is worth this. Getting the documentation that might be available from this type of investigation is worth this!

The person you work with could even be using your laptop or workstation to sabotage you.

You want to know who it is, especially if they are using your work computer to incriminate you.

Hire a professional firm. Get to the bottom of this, even if you never do anything with the information you receive.

-----

You probably already know this, but web services like Spokeo track usernames and emails. Publicly. Your professional reputation is absolutely at risk.

Hire professionals to sort this out and guide you! I bet they have ways to "scrub" your online history, and that alone would be worth the cost.

Seek professional assistance!!

----

Good luck.
posted by jbenben at 12:26 AM on March 1, 2013


Some states have passed laws criminalizing internet impersonation. NY's penal law makes it a crime to impersonate another person by electronic means, including through use of a website, with the intent to obtain a benefit or injure or defraud another person. CA's penal law makes it a crime for someone to knowingly and credibly impersonate an individual online in order to harm, threaten, intimidate or defraud them. There are attorneys experienced in privacy issues, online harassment, identity theft, internet security, etc. If you would like more info, memail me or ask a mod to post an email address for you.
posted by Majorita at 4:35 AM on March 1, 2013 [2 favorites]


>registration email for false account comes into my email, I mark it as spam and move on

This sticks out to me. It's like someone banging on your front door, and you turned over and put your pillow over your head. The purpose of those messages is to give you the chance to speak up and tell the provider, "Hell, no. I didn't sign up for that." If you don't, it has every reason to consider the new account legitimate.
posted by megatherium at 5:05 AM on March 1, 2013 [1 favorite]


I'd get with someone in your company's security department to discuss. They may have some insight for dealing with this AND it's a total CYA move.
posted by Ruthless Bunny at 6:39 AM on March 1, 2013 [2 favorites]


Telling HR about this was a good move. Your IT staff might also have some helpful suggestions, but you're going to get the best advice from a computer forensics expert. Some of these sites log the IP (and maybe browser fingerprint) of where visitors have logged in from, and this can be useful intel to help identify the person behind this. Some sites even include the originating IP in their registration email, so check that for clues. I'd see if you can get a PI-type to contact these sites on your behalf and see if they will reveal this information, and you could potentially take action from there. If this activity is occurring from work (and you work in a large enterprise with lots of network monitoring in place), there are probably several different ways to figure out where this activity is coming from.

But, seconding others' opinion, ignoring this will not make it go away, and I recommend you do something now rather than continue to embolden this individual.
posted by antonymous at 10:22 AM on March 1, 2013 [1 favorite]


Whenever people even accidentally use an email address of mine to register for something, I log in and delete the account. If you don't want the account deleted, don't assign it to me.
posted by w0mbat at 10:51 AM on March 1, 2013


If you have the resources to do so, you could try contacting private investigators to see if they have the capabilities to track this person down. I don't know technically how this sort of thing is done, but I do know my (coder, very, very tech-savvy) husband has been able to easily determine the identity and location of users on the internet with less information than what you likely have here.

Frankly, I would be very concerned about immediate safety in this situation. This is not normal behavior, even for someone who doesn't like you.
posted by wansac at 9:27 PM on March 1, 2013


« Older Help me find this thermometer.   |   Reverting to Java 6 from Java 7 (Mac) Newer »
This thread is closed to new comments.