We have come across corporations and individuals who have had their ‘sent’ emails altered by hackers to make them look guilty of unethical and even criminal behavior.
The resulting story put the company’s leaders in danger of prosecution under the U.S. Corrupt Foreign Practices Act. In one case, an international company based in the United States had its old sent email to a foreign government altered to include the offer of a bribe. The hacker – believed to be hired by a competitor – altered the responding email from the foreign government expressing gratitude for the bribe and assuring the company that this would be a no-bid contract. These emails were then “leaked” to a muckraking, online journal.
It took months and hundreds of thousands of dollars spent on lawyers and IT forensic work to demonstrate to the authorities that these emails were interpolations.
The worst part of this story? The executive who sent the original email that was altered was confused when he saw the interpolation sandwiched within what was obviously his language. He wondered aloud if it is possible that he had done this – even though he was perfectly innocent.
So what can you do?
Ask your IT people if it would be appropriate to enable third-party, non-repudiation through certificates and encryption, as well as email archival programs that preserve "true-copy," legally admissible emails. Don’t try to understand it. Just ask.
For important emails, it also doesn’t hurt to print it and retain a paper copy in your file.