Is it legal for company to use my work email to pretend I still work there?

Question

I recently quit my job due to the toxic work environment.

My job involved email communication with our clients, and my boss has asked my coworkers to use my email to pretend to be me and talk to our clients. He says he hasn't been able to find a replacement for me yet, and that he doesn't want our clients to think we have turnover. Is this legal?

He also asked me to give him my LinkedIn profile login information. I created it using my work email address and now he says he owns the rights to it since he owns the rights to my work email address too. I'm afraid he's going to edit my work history to make it look like I still work there. What should I do?

I swear there was another question on the site asking a near identical question, where the OP had quit but the company was still sending e-mails as if they came from them but I'll be damned if I can find it. I'm sure it was highly upvoted — Tas, Apr 05 '19 at 03:15
@Tas My past employer kept my email inbox and assigned it to someone else in the company and highly upvoted: My ex-employer is sending emails to customers in my name — gnat, Apr 05 '19 at 06:17
Needs a location: a number of answers are claiming that the company owns the e-mail, therefor it can read/use it, which is simply not true in at least parts of the EU. — DonFusili, Apr 05 '19 at 08:04
This is easy as having an email Natasha.Surname@emailprovider.com. You shouldn't create accounts with company-owned emails — L_Church, Apr 05 '19 at 11:53
The email for logging into LinkedIn only serves as the user name. You can easily change the email that is used when sending notifications, etc. — Peter Mortensen, Apr 06 '19 at 12:26
I notice this post currently has a delete vote. It should not be deleted because it has tons of useful information. — , Apr 19 '19 at 11:00

score 175 · Answer 1 · edited Apr 06 '19 at 21:20

175

Regarding the first question, "is it legal?" questions should always be posted on Law SE, not here.

As for your LinkedIn account, LinkedIn has the ability to change your email address associated with your account. It should be in your profile settings somewhere. You should change that.

edited Apr 06 '19 at 21:20

eMBee

440
2
7

answered Apr 04 '19 at 18:02

Ertai87

45,600
9
73
144

153

Change your email immediately. And in the future never set something up that is not 100% work related using a work email. You may actually have a very difficult time making this change since often access to the old email can be used to reverse things like this. They will most certainly be notified, and they can change your password there now too at any time. – Bill Leeper Apr 04 '19 at 18:38
47

It's prima fascia fraud, anyone with basic HR knowledge knows that. – Old_Lamplighter Apr 04 '19 at 18:39
4

@JoeStrazzere certainly that, possibly both, but also could be identity theft as well. – Old_Lamplighter Apr 04 '19 at 19:25
1

@JoeStrazzere agreed, the advice here is definitively "get a lawyer" and find out HOW BAD – Old_Lamplighter Apr 04 '19 at 19:34
1

@BryKKan or construction – user87779 Apr 04 '19 at 23:14
2

@AlexM,@user87779 You are both technically correct - the best kind of correct! – BryKKan Apr 04 '19 at 23:16
This answer should be a comment. Answer by @RichardU is the proper thing to do. OP's boss and employees are committing identity fraud by using anothers' identity without permission. OP might've worked for boss, might've used work email, but never is anyone allowed to impersonate another. (EU person here ,NLD specific). – rkeet Apr 05 '19 at 09:18
It is malum per se; which specific crime depends on the law of the area. – Joshua Apr 05 '19 at 15:37
i can confirm that linkedin lets you change your email address. i did that myself some time ago. – eMBee Apr 06 '19 at 15:47
On a sidenote, use named accounts as little as possible; use aliases. Register domains with hostmaster@example.org, get invoices sent to accounting@example.org. Then when john.doe@example.org leaves, you don't have to go to hundreds of places to change the address, you just point to the new persons email. Consider using a CRM-system to keep all correspondances available to whoever is assigned to that case. – Lenne Apr 06 '19 at 23:38

Old_Lamplighter · Answer 2 · 2019-04-17T15:24:46.800

102

Update your linkedin profile IMMEDIATELY, report possible fraud to them. Change the email from your work email to a private one.

Get a lawyer to send a cease and desist order to your previous employer. Ask your lawyer about identity theft and criminal impersonation charges.

Also ask your lawyer if you're permitted to reach out to the clients.

edited Apr 17 '19 at 15:24

answered Apr 04 '19 at 19:33

Old_Lamplighter

159,693
108
436
585

42

Note that, from LinkedIn's perspective, this can look a lot like someone pretending to be you to try to hijack your account (as opposed to you trying to hijack your account back from your former boss pretending to be you). If you didn't already have two-step verification or some other backup authentication method set up that isn't tied to your old work e-mail, you could have a hard time proving that you're really you. – Ilmari Karonen Apr 04 '19 at 23:09
LI was ask for proof of identity. – David Schwartz Apr 05 '19 at 02:13
7

Report fraud to LinkEdIn that doesn’t make sense. The author should just change the registered email address. – Donald Apr 05 '19 at 12:00
2

@Ramhound sure it does. A scummy employer that tries this once, will try it again. – Old_Lamplighter Apr 05 '19 at 12:42
I would go a step further. I would ensure that my LinkedIn account clearly states that any e-mails from address ____ or from that domain with my name in them are NOT from me and that I do not work for that company, partly because they do things like that. (But then, after all the spam I got from LinkedIn, I wouldn’t even have an account there.) – WGroleau Apr 06 '19 at 10:11

score 51 · Answer 3 · answered Apr 04 '19 at 18:25

51

Company owns your email address (for example natasha.nice@yourcompany.com ) so they could theoretically re-use it, however impersonating someone (especially to obtain financial gain) is strictly forbidden in most civilized societies. For example , in US it amounts to a criminal fraud.

I advise you to write polite but firm letter to your former company, asking them to cease and desist with this behavior. If they don't respond contact legal professional in your area. In some jurisdictions you could even contact police.

As for LinkedIn, email with the proof of your identity (document issued by your government with the purpose of identification) is enough to close down fraudulent profile.

answered Apr 04 '19 at 18:25

rs.29

1,431
9
18

12

It's also a common practice, at least in the US, to keep the e-mail accounts of certain former employees active to receive new mail for some time after their departure. However, access is usually granted through someone else's own account, or some other generic account, and any responses are tagged as sent by "y" on behalf of "x". Rather than impersonating the departed individual, this is simply a means of ensuring client communications aren't "lost" during the transition. – BryKKan Apr 04 '19 at 22:04
1

"For example , in US it amounts to a criminal fraud." It is not itself fraud; rather, it can be used to commit fraud. – Acccumulation Apr 04 '19 at 22:14
13

@Acccumulation In this case, there is clear intention to mislead clients in order to obtain financial gain. These are elements of criminal act. We do not know if OP is for example expert in her filed, so clients would not be willing to accept to work with someone else. Anyway, it all looks very shady and OP's old company definitely has no legal right to keep impersonating her. – rs.29 Apr 05 '19 at 06:25
@BryKKan I would agree, but company has no right to communicate trough that email without notifying other party that they are now talking with another person. – rs.29 Apr 05 '19 at 06:26
This is the only correct answer, if they really keep sending mails in the OP's name as the question suggests. This is not just a principle thing, what if the company gets in a bribery/fraud/harassment/... case with that client and those mails in 'your' name pop up? – KillianDS Apr 05 '19 at 07:07
2

@rs.29 Even if not the an expert, some fields have a heavy emphasis on the client relationship, and the clients can sometimes follow the employee to their new company. Well known in the fashion industry, e.g. with Personal Shoppers - they may work for a company, but the Client Portfolio is theirs. – Chronocidal Apr 05 '19 at 08:22
There are people with the same name for example like John Smith. So while typically you would have John.Smith.1 and John.Smith.2, it’s theoretically possible for an email address to be used again, however the description of the actions by the company appears to be to deceive other people making it look like the John Smith they knew still works at the company. So it could be fraud or it could be considered something else all depends on the local jurisdiction laws. – Donald Apr 05 '19 at 12:04
1

I agree with rs.29, impersonating someone is stricly illegal and should be reported to autorities. – Chololoco Apr 05 '19 at 14:38
@rs.29 I agree. That's why the proper industry practice is that the person assuming the responsibility for managing that inbox during the transition does so through their own account, thus leaving an audit trail, and rendering a message (properly configured, most e-mail software does this automatically) to outside parties that any response was a proxy response.
In fact, we are very much in agreement that OP's employer was in the wrong. I simply wanted to point out that while companies do commonly keep mailboxes open for a while (legally), OP's employer is clearly violating the law.
– BryKKan Apr 11 '19 at 19:00

J. Chris Compton · Answer 4 · 2019-04-05T13:09:32.700

17

Congratulations on taking action to get free of a toxic environment!
A lot of people just put up with it.

This is advice for next time (for you) and for any others that might be considering this:

Set your out of office and your voice mail greeting just before you turn in your notice.
Don't say anything nasty towards the company, just a simple:

"I am no longer available.
You can contact [whoever] to get a new representative."

Replace [whoever] with your boss's name, email of the sales department, or anything generic (not a specific person unless that person is a manager/supervisor in charge of your work).

You'll note I said "just before" because if they walk you out, you may not have a chance to do it just after you turn in your notice.

While this isn't a direct answer to your question, I do think it is helpful enough to not just be a comment
(and it is my comment on another answer)

Bringing the following comment in to my answer:

Since any company will already have access to all own email accounts regardless of the particular situation the OP is in, this is pointless, since any company computer admin can legally reverse the change

No isn't pointless - you do this as part of a professional exit.
You are pointing the customer to the next person, so they get the best customer service.

You are not "pulling one over on the company in case they pretend you still work there" because, really... how many companies would do this? (I'm expecting it is a very small number)

If you are in a very high touch situation and know it would be traumatic for the customer to be handed over more than once - then maybe you shouldn't set your out of office and redo your voice mail prompt.

It isn't about screwing your current company, it is about helping your customers, and it is about YOU and YOUR professionalism (whether your company deserves it is not relevant)

edited Apr 05 '19 at 13:09

answered Apr 04 '19 at 20:44

J. Chris Compton

9,392
1
25
48

I would also add that you might set the effective time for your OOO reply to some later time in case some circumstances in the process of leaving and you decide to delay or cancel your departure. Imagine they offer you a nice bonus to stay another month and you agree, only to have 7 clients get your OOO reply while in the meeting! – BryKKan Apr 04 '19 at 22:09
8

Since any company will already have access to all own email accounts regardless of the particular situation the OP is in, this is pointless, since any company computer admin can legally reverse the change. – alephzero Apr 04 '19 at 22:27
@alephzero It's tit-for-tat. You can never guarantee to win in a case like this; maybe you thought of more than your company's admin. Maybe you didn't. In any case, I would say that actively calling or emailing clients might be interpreted differently than setting up a voicemail message. – employee-X Apr 05 '19 at 06:32
@BryKKan Good point. Two things though... the first is that not all employees have that functionality (not there / not permitted). Second, I wouldn't (in general) recommend accepting a counter offer (especially in a toxic environment). The signed bonus offer to delay departure you mention would be something to consider - if the bonus is reasonable, you actually expect they'll pay it (not fire you the day before), and the timeline is both fixed and reasonably short (not "until we find someone else" because they may not look... recall that OP reported the environment is toxic). – J. Chris Compton Apr 05 '19 at 14:21
This is all excellent advice, unfortunately, it's not an answer to the question. – FreeMan Apr 05 '19 at 14:44
@FreeMan Yes, that's why my third paragraph is, "This is advice for next time (for you) and for any others that might be considering this." – J. Chris Compton Apr 05 '19 at 14:47

SemiGeek · Answer 5 · 2019-04-04T20:44:24.860

13

Legality definitely matters, but even if illegal, are you willing to hire lawyers and sue? What will the legality do to shape your response?

To me the larger questions are around whether it’s ethical and more directly what’s the harm or value of what’s happening. You need to gauge whatever risk you are willing to undertake either by allowing them to pose as you or in fighting them. There are many facets here.

That said, even if it is somehow legal I consider this a form of identity theft in principle. If it were me, I would do or at minimum strongly consider the following actions:

Change the email to which my LI account is linked;
Inform my former employer they absolutely do not have my consent to pose as me;
Suggest if they wish to retain the use of my existence, we should work out a suitable consulting arrangement;
Inform them of my intent to do the following if they do not cease posing as me; and
Contact my former client and vendor contacts/companies and alert them that it’s come to my attention that my former employer may be attempting to pose as me.

Edit To be clear, in no way am I suggesting the OP's personally affiliated account be shared. The consulting angle implies the OP actually is a consultant and is responding themselves...not licensing use of their name to others.

edited Apr 04 '19 at 20:44

answered Apr 04 '19 at 18:29

SemiGeek

5,557
14
28

2

Suppose a random person A who did not like the OP was able to log into OP's account because the managers told everyone to log into her account to see if any clients are calling her. Let's say person A saw the linkedin message from a potential employer and used that contact to ruin OP's chance of being hired? Not exactly a great situation for the employer, even if it's the action of another. – Dan Apr 04 '19 at 18:49
@Dan Agreed. One of the many scenarios where this overall sharing of the account is bad (in this case for both OP and former employer). "Let that be a lesson kids. Never ever share your passwords." – SemiGeek Apr 04 '19 at 19:10
1

"Contact my former client and vendor contacts/companies and alert them that it’s come to my attention that my former employer may be attempting to pose as me." - Beware - creative lawyers might try to frame this as the OP trying to sabotage his former business, in some jurisdictions. This could work especially in those jurisdictions where "connections" allow some parties to get unequal rights under the law. – Peter Apr 05 '19 at 22:48
@Peter - very interesting and good point. I would probably still (if it came to it) go through with it, personally, but that's far from legally sound advice. Sometimes the principle is worth the hassle and for a company to essentially practice professional identity theft, I would be generally willing to take that risk--after some more research. – SemiGeek Apr 08 '19 at 20:54

score 7 · Answer 6 · edited Apr 06 '19 at 16:45

7

Your former employer (which might or might not be the boss -- the same would apply to anyone operating on their behalf) would be in breach of the LinkedIn User Agreement if anyone who wasn't you was to use your account.

Paragraph 8.2. sub-paragraph (a).

You could refer to that link as a response to the request.

edited Apr 06 '19 at 16:45

mcknz

25,182
9
85
106

answered Apr 05 '19 at 11:40

ItWasLikeThatWhenIGotHere

5,621
1
21
35

Upvoted, but I think this would be a better fit as a comment. – user1717828 Apr 05 '19 at 13:44
@user1717828 The question that the employer has requested LinkedIn login credentials and the asker wants to know what to do about that. Although it's not written explicitly, the strong implication from this post is "Do not give them your login credentials." That's an answer to part of the question. – David Richerby Apr 05 '19 at 15:18
1

@user1717828 - I was in two minds about that myself, but it didn't seem to fit as a comment to the original post (as a suggested edit it would have changed the question and affected existing answers), and I wasn't able to pick from the answers at time of posting for suggestion as an addition. Imperfect solution, I know. – ItWasLikeThatWhenIGotHere Apr 06 '19 at 08:17

score 1 · Answer 7 · edited Apr 04 '19 at 18:27

I imagine you'd have to go see a lawyer. In terms of ownership, your employer "owns" your email address. So they are allowed to view the contents and/or make appropriate adjustments. There are certain protections but it depends on your country as far as what your employer may view and keep. It may also depend on your country but I would imagine so long as they are using it to direct their business then it is perfectly legal. Now if they are using it to pretend to be you by protective reasons (doctor, lawyer, psychiatrist, bank login, etc) then no, that would definitely not be legal.

Key reason you should not be signing up for LinkedIn with your work account that is not work related. Hopefully you did not do anything important with the account or contacted anyone non-work related. Definitely update any email addresses on various sites, and be sure to contact anyone not related to work that your email has changed.

score 0 · Answer 8 · answered Apr 04 '19 at 18:01

0

While they can still use your work email since it belongs to the company they probably cannot ask your coworkers to impersonate you. I would seek the advice of a lawyer immediately.

As for your Linkedln profile, once again if you created it with your work email they have control of this account as well. You do not need to give them your login information as they can simply reset it with the email that they have control over.

Regardless, seek legal advice regarding the company impersonating you.

If you have the contact information for your former clients, you can reach out to them and let them know you quit the company and that any emails appearing to come from yourself are not actually from yourself.

answered Apr 04 '19 at 18:01

sf02

78,950
39
179
252

1

I would just use any client contact information and contact they and just say you have left the company and it was a pleasure working with them. Let them draw their own conclusions as to any future conversation utilises your form email – Ed Heal Apr 04 '19 at 18:19
Given the ease to "forward" the email, I don't see any reason they should be using the OP's email other than to catch and redirect anything they were working on at the time. If the employer is allowing random employees to log into her account, then that might open the door for (possibly civil only) action. – Dan Apr 04 '19 at 18:24

score 0 · Answer 9 · answered Apr 04 '19 at 19:16

It’s probably Ok to keep using your email address. There may be some problems: if you were highly experienced and valued by customers, and you are replaced by someone much less competent, and customers only find out when they are asked to pay for shoddy work performed under your name, that could be a problem. If your reputation suffers, that could be a problem. If your new employers reputation suffers because it looks like their best man is not an employee but working for more than one company, that would be a problem.

So it’s not the reusing of the email address that causes them legal problems, but any consequences.

CA Trevillian · Answer 10 · 2019-04-08T09:04:52.723

0

I would say make their company name and behavior public knowledge. The company should go bankrupt, not be enabled to steal identities. LinkedIn is like Facebook, except that these are public profiles that represent our professional selves. You are not the company. The company is not you. If I were in this situation, I would save emails and related communications, and then press charges against the executives responsible. Additionally, I would recommend contact with the BBB or similar organization in order to make formal complaints. I might also suggest some communication with your country's local investigative bureau (FBI in the US) being that it is corporate-level fraud and identity theft, or a new form of it.

edited Apr 08 '19 at 09:04

answered Apr 07 '19 at 15:24

CA Trevillian

111
2

suggestion to communicate with FBI looks confusing because nothing in the question appears to indicate that it's about US. Please consider [edit]ing to clarify this. See also: [answer] – gnat Apr 08 '19 at 08:52
Thank you for the suggestion on clarity, @gnat. I have implemented it. – CA Trevillian Apr 08 '19 at 10:26

score -1 · Answer 11 · edited Apr 06 '19 at 16:44

-1

Do you still have access to your work email? You should have sent clients a "Dear John" letter when you quit.

Currently you can only update your LinkedIn profile to put past in the past.

Regarding LinkedIn -- it's your account and I would suggest changing the email. It's linked to the personal one. If you don't have one now, there are lots of free ones.

edited Apr 06 '19 at 16:44

mcknz

25,182
9
85
106

answered Apr 04 '19 at 19:32

Strader

13,415
1
26
59

6

I have to disagree with telling clients you are leaving. That's a work issue that the company should handle. Obviously, they shouldn't handle it by faking, but how and when internal company issues get communicated to customers is up to the company. – DaveG Apr 04 '19 at 19:34
@DaveG Workplace is workplace, but lots of service positions based on personal relationships and person`s reputation transcends one particular workplace. OP already stated that workplace was toxic, easy for pretenders to ruin her reputation for further job search or even clients endorsements for linked in or even as potential employers in the future – Strader Apr 04 '19 at 19:37
I wouldn't recommend sending any sort of notice when you quit. Probably okay to set your out of office message before you go though - I will post as an answer to see if there is a good rebuttal to this. – J. Chris Compton Apr 04 '19 at 20:28
@DaveG I've had this happen to me when our providers change personnel. In some cases the new person sends an email introducing themselves. In others they carry on like the person is there which is disconcerting when you call up asking for a specific person who is no longer there. It does depend on the situation. – Underverse Apr 05 '19 at 05:42

Sourav Ghosh · Answer 12 · 2019-04-05T05:47:35.207

-1

Is this legal?

You don't need to worry. Like many other things, company email address is one of the company-provided resources that is owned by the company and made available to you for use. The moment your employment comes to an end with the organization, your access should be ceased. Going further, what happens to your account (or related information), is not your concern. Company can chose to keep the account active but remove ALL access to it, they can chose to destroy the account information - up to the company policy.

What should I do?

I'll list down three things, which are needed right now:

Change your email address associated with your LinkedIn profile.

-- This way, your boss cannot make any (false) claims to "own" the account, by any means.
Ask your boss for a written request to reveal your password (yes, without you providing your password, they should not be able to access it)

-- If you chose to response, don't provide the password, and loop higher-ups and infosec team (if you have one) in loop. This should teach the people asking for password the lesson they need.
Make sure you don't have any open-ended communications before your leave, transfer the ownership of the ongoing action items to your colleagues / superiors.

-- If there is no ownership on you, anyone pretending to be "you" to get the work, billing or whatever, will be clearly crossing the line, into the legal jurisdiction (if need be).

This way, you can disassociate yourself from any concerns / claims about unauthorized actions, from your end.

Note: If they access your accounts without you providing the password, you need not be worried, you're not responsible anyways.

edited Apr 05 '19 at 05:47

answered Apr 05 '19 at 05:36

Sourav Ghosh

72,905
46
246
303

Going further, what happens to your account (or related information), is not your concern. it is when they're pretending to be you. In the EU that's simply identity fraud. The thing to do is: delete the account, create an alias with the same name and forward to department email, e.g. "sales@company.com". Also notifying clients that OP no longer works there with a request that they update their contact details to either another employee or general department address is prudent. – rkeet Apr 05 '19 at 09:23
@rkeet That's what I said, not OP's concern. If it is identity fraud, it's the company or the people. and whatever you mentioned needs to be done, should be taken care by the company, not OP. Remember, this is not a personal ID. – Sourav Ghosh Apr 05 '19 at 10:41
3

OP says in question: my boss has asked my coworkers to use my email to pretend to be me and talk to our clients, literally: pretend to be me. That makes it both personal and identity theft and something the OP must take action on. What happens when the new company OP works at has one of the same companies as customer/client. OP emails them / goes around, and they go "Uhh, we just spoke to you about Z for company X, how come you're now here about A for B? Appears we can't trust you" – rkeet Apr 05 '19 at 10:53
@rkeet OK, yes, and what do you suggest OP "must" do to prevent the "theft"? Also, there is nothing to be afraid if I'm not wrong, Say, you lose a key to your house, and s thief found that, and somehow you both end up being in a police station, so the police will say to you: "Uhh, we just saw the key with X (the thief), now you also have a key. Appears we can't trust you"? – Sourav Ghosh Apr 05 '19 at 11:27
(can't tag you for some reason) what do you suggest OP "must" do to prevent the "theft"? Go to the cops, file charge for identity fraud. - The house-key thing doesn't is nonsensical to the situation described by OP. Better would that you move into a new house, the old owner keeps a key and randomly comes into your house to use your fridge, sit on the couch and watch some on-demand pay-per-view and pretending with the neighbors/neighborhood that he never left and still lives there. – rkeet Apr 05 '19 at 11:57
Still a nonsensical example, but comes down to it that the old boss can make OP's life a living hell, out of OP's own name. It's plain and simple. – rkeet Apr 05 '19 at 11:58
no need to tag, OP will get the notification for any comments under the post. Regarding your example (nonsense or not), the rented house should be now-vacated. – Sourav Ghosh Apr 05 '19 at 12:06

Is it legal for company to use my work email to pretend I still work there?

12 Answers12