
Someone forged my resignation letter - techolic
https://workplace.stackexchange.com/questions/91643/someone-forged-my-resignation-letter
======
MrQuincle
I wouldn't be surprised if this actually didn't happen. Let's see if there are
elements in the story that stand out if we take this perspective. (It is much
harder than detecting photoshop effects).

\+ He could have been on holidays, or getting a child, but it is the death of
his mother. Of course, we are gonna feel really bad for him. That's really
good for the story.

\+ The security of the system is such that on one hand a dongle is needed, but
on the other hand someone can fake sending email through your account. This is
apparently widely known by non-expert colleagues to just joke around, but not
known by the security staff.

\+ Technological "details" that do not seem to make sense such as SQL to make
it sound like a true story to the uneducated.

\+ The writer already assumes that we think he is lying. Hence, he comes up
with the dongle story. We would already have been fine with his word that he
just didn't send the resignation letter.

\+ He physically shows up 6 weeks later without checking his email once (reply
email). Of course the effect of the story is much stronger in that case.
However, is it very likely not to check your email at least just before you
show up at work 6 weeks later? [Edit: incorrect assumption, see @c8g.]

Then what would be motive of the person asking the question. It is a throwaway
account.

\+ A researcher who wants to see what the difference is between a fake story
on Facebook versus one asked on StackOverflow? How could such an effect be
properly compared?

~~~
c8g
> is it very likely not to check your email at least just before you show up
> at work 6 weeks later?

a work dongle is needed to read reply email and he said that he didn't bring
it.

~~~
MrQuincle
Of course, my bad! That actually neatly fits the story line.

------
johngalt
I wouldn't be surprised if that "someone" was the CEO or someone working on
the CEO's behalf. What else could even make sense?

Even if some coworker had a grudge or a bone to pick with OP, they had to know
that OP would return eventually and any CEO worth his salt would demand
answers immediately. Specially considering the legal risks exposed here for
firing someone on FMLA qualifying leave (assuming US).

Weigh that against a CEO who accepted a resignation and re-hired for the
position based on a single email alone without so much as a follow up call.
When OP returns seems lackadaisical about investigating. Seems fishy to me.

~~~
ghughes
The whole thing smells like fiction, and this is the very first post from a
days-old Stack Exchange account.

> It could’ve been a colleague because I know there is a backdoor way to send
> emails using someone else’s account via some sort of a SQL database thing.
> We used to do it as jokes but it was never used for something like this

That in particular is setting off my troll radar.

~~~
Gaelan
I mean, the "first post" thing is hardly a red flag--it could be a throwaway,
or just the first time this person had felt the need to ask an SE question.

------
skrebbel
Hardly related, but does anyone know why resignation letters are so popular in
the first place? When I quit the only job I ever had, I went to my boss and
told him I wanted to quit. We had a constructive conversation.

Now, this company has a very strong "talk about it" culture, with super
supportive management, etc. No bureaucracy or paperwork anywhere.
Nevertheless, my boss was totally surprised that I wanted to _talk_ about
resigning. Pleasantly surprised I might add, but still: In his entire career,
every employee who had left had written a letter and left it at that.

Why do it that way? Of course I understand if there's fundamental
disagreements or deep unhappiness, it's a good way to keep emotions out of the
way. But that wasn't the case here, and everybody I know who left that company
left it on good terms.

I ask because I'm an employer now. I try to be a good and open-minded boss,
and I'd much rather have someone tell me what's going on than receive a letter
out of the blue. Is this wishful thinking?

~~~
michaelt

      does anyone know why resignation letters are
      so popular in the first place?
    

My employment contract literally says "Your employment may be terminated
either by you or by us by providing X weeks written notice" and while I could
work to get that language changed, I don't imagine such a change would deliver
measurable business benefits.

I suspect many employment contracts are the same, lawyers having seen that
clause in some 25-year-old textbook.

~~~
notahacker
Yeah. I've always explained my decision in face to face discussions, and the
first thing they ask once they've confirmed that is definitely what I want is
if I could write it in a letter please.

------
ars
I would tell him go to the CEO and say:

"The letter was a forgery, someone in your company is unethical, and you
should find out who.

As far as I am concerned I am thinking of suing, but if you simply paid out my
leave I would be satisfied, and finding the unethical employee will be on
you."

And that's it. If the CEO is as honest as the question makes him out to be,
this should be enough, and it's much simpler. If not, then you lost nothing,
and can sue, get a lawyer, etc, as all the answers suggest.

~~~
zaqokm321
> As far as I am concerned I am thinking of suing, but if you simply paid out
> my leave I would be satisfied.

You know to many that type of language would be interpreted as a threat. You
might also take into consideration the CEO may legitimately believe the
company has done no wrong in this case. Not all people/companies respond to
threats by getting scared, many fight back.

The allegation which is being made, is that the company accepted a
fake/fraudulent letter. It will be highly unlikely that a company would openly
admit to be such a victim, unless it was in their best interest.

> If the CEO is as honest as the question makes him out to be, this should be
> enough, and it's much simpler.

This is business, a CEO's job is to protect the business not kowtowing to
someone who is threatening to sue.

~~~
JumpCrisscross
To add to that, I do not delineate between threats to sue and suing. If you
threaten to sue me I will instruct my lawyers to beat you to the courthouse
with a countersuit. I've found this attitude tremendously clarifying in the
long run.

~~~
RugnirViking
To clarify: what do you propose the countersuit would be?

------
bouncycastle
Using a throwaway...

When I was working at a previous company, my manager jumped on my PC and used
it to send an email from my account to my colleague, while I was out on my
lunch break. It was a joke, which I thought was highly unprofessional. I asked
my colleague, and he said that he seen the manager use my computer. I
confronted the manager and she owned up to it. I've asked her to explain, and
her excuse was that I should have locked my PC and I didn't take it anywhere
further. However, I could see how a more serious incident could happen, so I
wouldn't be surprised if it was the CEO where hubris can run rampant at those
levels. Usually companies would have audit logs of who and when the account
was accessed, I would start looking there.

~~~
oillio
At a previous employer I worked at, this was pretty common. If you left your
computer unlocked for any amount of time, you were pretty much guaranteed to
be screwed with. Because it was so common, it wasn't a big deal. If you got an
odd email from a co-worker, you assumed they must have forgotten to lock their
computer.

It was a security related company, and the general excuse was that the
practice was intended as negative reinforcement to push everyone to have
better security practices. I don't know if it was a good or bad culture to
have. I can tell you that, to this day, I never leave my computer unlocked.

~~~
Beltiras
It's bad culture. For productive environments you need coworkers to trust each
other. Frequent office pranks do not foster that.

~~~
mseebach
Pranks are a sign of trust. The trust bit is that you _only_ use it for pranks
and not any of the myriad other things you can actually do with a logged in
computer. But the pranks should be a reminder they might just as well not have
been a prank, and that you should bloody well lock your computer already.

~~~
Beltiras
Can't find it at the moment but I remember Adam Savage once saying that him
and Jamie Hyneman never play practical jokes on each other. It would end up
with one of them duct-taping the windows on the other one's house to fill it
with water. Don't prank your sysadmin. It won't end well for you.

~~~
spuz
For context, the two Mythbusters presenters have famously different
personalities and are not exactly friends. This reinforces the idea that
pranks are generally done between people who feel they can trust one another.

~~~
Beltiras
There was trust between them. Trust does not require compatible personalities.
Both of them have spoken at length about their working relationship. Part of
that trust was knowing the other one would _never_ condone or sign off on
pranking. Adam was pranked once with a cattleprod and it resulted in firing
the producer that was responsible (and Jamie was not in on it).

Pranks are cheap laughs, slapstick humor. It does not belong in a work
environment.

------
_ph_
As said on stackexchange, you should get a lawyer and contact the authorities
as a felony has been committed. Even if the company isn't involved in the
events, they should not treat you as they did and owe you a proper severance
pay.

~~~
meepmorp
Getting a lawyer is a fine idea, but if this happened in the US, they don't
owe you anything apart from optional COBRA (medical insurance for purchase).
Severance pay is not required, and is typically not paid if a person
terminates employment of their own volition. Even if a person is fired/laid
off, severance isn't mandatory and is mostly about protecting the company from
litigation/employees going to competitors.

------
pkaye
How do people afford a knowledgeable lawyer and forensics expert as mentioned
in some of the replies? Don't they get expensive fast? What if you lose the
case... how much money will you be out?

~~~
jerven
Many people have legal dispute insurance (at least in Norway, Netherlands, and
Switzerland[1] this is not uncommon once you make a normal IT salary). It is
not that expensive and well worth having. They wont pay for top lawyers, but
it will pay for legal advice and normalish proceedings, especially on common
legal areas related to hiring and firing.

Secondly, advice about going to lawyer does not mean sue until it hits the
supreme court. It means, get professional advice on the likely outcomes of the
different actions. Such as what kind of settlements can you expect, are you
like to win on procedural grounds etc... How to best proceed etc... and what
outcomes are acceptable to you.

This kind of advice will give you an expected ROI on different approaches that
are available to you. Upon which you make an "investment" decision on which
approach will be the best for you (not always financial). Normally such a
conversation won't take to long and will not be billed at the legal firms top
rate.

[1]: [https://www.generali.ch/en/privatkunden/haftung-
recht/rechts...](https://www.generali.ch/en/privatkunden/haftung-
recht/rechtsschutzversicherung) (which is the one I pay for)

~~~
eridius
Speaking as someone in the US, I've never heard of legal dispute insurance
before.

~~~
spuz
In one of the most litigious societies in the world? I find that extremely
surprising. How are all these ordinary people able to afford suing big
companies because they burnt their tongue on their coffee?

~~~
skookum
[https://en.wikipedia.org/wiki/Contingent_fee](https://en.wikipedia.org/wiki/Contingent_fee)

------
camus2
> You need to talk to a lawyer, ASAP.

The only acceptable answer.

If someone forged your email it becomes wire fraud thus criminal act under
federal law. You should consult a lawyer now.

~~~
crispyambulance
The "get a lawyer" advice gets tossed around workplace.stackexchange WAY TOO
OFTEN and basically snubs discussion.

Getting a lawyer, at a minimum, means forking over a few hundred dollars just
for some advice. Going beyond that we're talking hundreds to thousands more
for the lawyer to merely write a letter. Going further beyond that, it then
becomes the plantiff's "life work" to deal with the court system while paying
many thousands to the lawyer for, AT BEST, an iffy outcome after months of
drudgery, and yes, then face being effectively blacklisted in the local
industry.

That said, there are some good reasons for people to get a lawyer but getting
fired with a dirty trick (assuming the dubious story is even true) is rarely
one of them.

~~~
LyndsySimon
> Getting a lawyer, at a minimum, means forking over a few hundred dollars
> just for some advice. Going beyond that we're talking hundreds to thousands
> more for the lawyer to merely write a letter.

This has not been my experience at all.

A few years ago I had a dispute over a commercial lease agreement with my
landlord. I did all the research I could and wrote a short summary of my
position on the matter, along with a few relevant citations. I made an
appointment with an attorney and asked that she write a lease addendum that
terminated the lease immediately and held harmless both parties, which
included my reasoning for doing so.

I paid her $120 for her time to write the letter, and it was invaluable as
leverage in negotiating with my landlord - there's a big difference between
saying "I'm gonna sue!" and bringing a document to the meeting prepared by
your attorney to resolve the disagreement.

Hiring an attorney doesn't have to cost a fortune - you just have to take
steps to minimize the time they have to spend on your case.

------
lancewiggs
I would write a formal letter to the board of directors (and perhaps key
external shareholders) as well. It doesn't have to be much - even a forward of
the post, letting them know that it refers to you and their company.

If they are complicit - it makes a paper trail for others to discover. If they
are not complicit then the CEO will get instructed to do the right thing.

------
midnitewarrior
If you could see the email, look at the email headers. It should indicate what
IP address and email program sent the email, as in, it may say SQLMail and it
IP of the machine.

~~~
Tomino
Finally someone using their head instead of just blindly speculating. SQL
keeps history of commands as well. Plus if this company is so "advanced" that
they use some kind of SQL procedures to send email, I am sure there are plenty
of other audit trails they can follow to verify where the message came from.

All-in-all, the fact that he mentions he exploited security hole in his
company and then calls it "SQL thing" screams at me: FAKE

~~~
ealhad
> All-in-all, the fact that he mentions he exploited security hole in his
> company and then calls it "SQL thing" screams at me: FAKE

Why? That doesn't surprise me at all. As a (Computer Science) student, there
were a lot of jokes (e.g. connecting to other computers, and doing... stuff)
involving scripts that most people just blindly copied, without understanding
them at all. And I have seen the same last year during an internship.

------
strictfp
Re-use the expoit to resign the new guy.

~~~
philbarr
Or, since the CEO takes these resignation letters as undeniable fact, use the
exploit to resign the CEO.

------
Mao_Zedang
How do you accept your exit package without signing anything in person, I have
never had a job where a single resignation email was enough for HR to close
you out as an employee, this smells super made up.

------
mbubb
"ain't passed the bar/ but I know a little bit"

He probably does not work in a 'right to work' state as the employer would not
need to justify their action with a resignation letter.

[https://en.wikipedia.org/wiki/Right-to-
work_law](https://en.wikipedia.org/wiki/Right-to-work_law)

The scenario is odd - I understand dropping things to take care of a relative.
But a 6-week interval is too great in this day. There should have been some
further communication of intent.

~~~
lostboys67
I suspect the country is India or possibly some one working in a body shop in
the US

------
b3lvedere
"We used to do it as jokes but it was never used for something like this and I
can’t imagine anyone that would hate me enough to go this far."

It's all fun and games, until ...

~~~
arjie
What even is the point of requiring a dongle if you can do this? Checkbox
security at its best.

~~~
dx034
You can do this with most systems. Just edit the From field in a script.
External emails will usually be blocked and you can still see in the header
that it was not sent from the actual account so that the risk of fraud is low.

If it happened with a script it should be easy to find out by looking at logs
and/or header.

------
jangid
It is difficult to believe that the guy has sent a resignation email and the
CEO didn't even talk to him over the phone.

~~~
spuz
It's possible the CEO did try to ring him but didn't get hold of him. From the
lack of response the CEO assumed the guy was serious about his resignation and
went ahead.

~~~
jangid
The author hasn't mentioned it. But yes, it is possible.

------
forvelin
Local IT guy in the company is only person to help most likely, it would be
first person to reach for such sneaky task. Either he would know or would have
logs.

Though, seems hard to solve, especially if he is out of US/Europe.

~~~
BugsJustFindMe
> _Either he would know or would have logs._

Uh...or be the culprit.

~~~
sockgrant
Yeah. But if he's not the culprit he's the best person to help.

Also, unless there's a personal vendetta, the biggest motive for someone doing
this is someone that doesn't want to pay the expense of an employee on leave
for awhile.

------
forgotpwtomain
Why is this on HN? The top-voted comment here calls it fake, not a single
comment adds anything substantial that wasn't written on SE. As far as I can
tell it's just tabloidish voyeurism...

------
ForFreedom
You don't need a dongle, backend sql db or infact anything to send a forged
email but just a terminal on linux would do.

The company should have investigated if he did or didn't send the email

------
adxlarbi
My only question here, why he haven't reported the email backdoor to the IT ?

------
partycoder
Someone was probably ghetto testing the possibility of doing it.

------
bitmapbrother
>It could’ve been a colleague because I know there is a backdoor way to send
emails using someone else’s account via some sort of a SQL database thing. We
used to do it as jokes but it was never used for something like this and I
can’t imagine anyone that would hate me enough to go this far.

Most places would escort you out of the building for doing this.

~~~
andy_ppp
My friend got managed out of the BBC and had emails confirming a promotion
deleted from his inbox; unbelievably they were still in his trash folder.
Someone else was promoted in his place while he was away on holiday. Nothing
surprises me anymore when people have a sense of entitlement to someone else's
promotion.

------
Kenji
Well, if the employer is just like "Well, sorry, too late now, we don't care
that it's a forgery" then maybe it was a good thing you can move on.

~~~
Normal_gaussian
Except now he's out of pocket

~~~
mcv
Yeah, some severance pay would be appropriate at least.

