Sometimes I wonder how compromised my parents online security would be without my intervention.

My mom logged into her gmail and there was an red bar on top informing about Google preventing an attempted login from an unknown device.

Like typical parents / old people, that red bar didn't caught her attention but I noticed it immediately. I took over and looked into it. It showed an IP address and a location that was quite odd.

I went ahead with the Account security review and I was shocked to find that she had set her work email address as the recovery email!!

I explained her that work email accounts cannot be trusted and IT department of the workplace can easily snoop emails and other info on that email address and should not be related to personal accounts.

After fixing that issue, me being a typical skeptic and curious guy, I decided to find more info about that IP address.

I looked up the IP address on a lookup website and it showed an ISP that was related to the corporate office of her workplace. I noticed the location Google reported also matched with the corporate office location of her work.

Prior to this event, few days ago, I had made her change her gmail account password to a more secure one. ( Her previous password was her name followed by birth date!! ). This must have sent a notification to the recovery mail address.

All these events are connected. It is very obvious that someone at corporate office goes through employees email addresses and maybe even abuse those information.

My initial skeptism of someone snooping throguh work email addresses was right.

You're welcome mom!

  • 14
    This is illegal access, you could bring it to the police.
  • 12
    She didn't just tried to log in at work?
  • 3
    @Jifuna that's what I think too. Why would an employer care for your private e-mails?
  • 4
    @jonii maybee not the employer but some creep?
  • 2
    @Wack @jonii you know how IT people can be xD
  • 3
    @Wack @Codex404 oh that'd probably be possible, if it really wasn't his mom I would report it for sure, because that's some shady shit nobody should do. I mean we IT guys are weird, but come on, we respect privacy.
  • 1
    FWIW: if a company is using GSuite, you can't just easily snoop on an employee's mail. It's a process that (done properly) requires both internal counsel sign off, as well as the appropriate feature in GSuite to access the account without delegating the account to another account (which makes the user aware of it). While possible, i'd say it's more likely that someone specifically at her work was trying to get in, not necessarily a targeted corporate action.
  • 1
    @plttn usually you can't get access to a mailbox with most mailservers.
    But sometimes managers get access to mailboxes, so that'd be a possibilty.
  • 1
    @Jifuna she said she never tried to login from any system at work place. Also she barely has any need to login to her gmail on work place.

    About accessing employee emails, you don't really need account credentials to read the emails. For eg, Zoho has this feature where you can set emails to other accounts get forwarded to super admin email. So it is possible that way as well.

    Btw, I think they are using some IBM developed mail client. It was most horrid and outdated looking mail client I have ever seen.
Add Comment