someone sent a dirty email from my work account — but it wasn’t me!

A reader writes:

This is so embarrassing! I use my personal smart phone for many things, including work email. Work is ok with this and in fact proves a little extra on my pay to cover some of the cost.

I struck up a conversation with one of the regulars at a local pub over my phone. He asked if he could check email because he was waiting for an important message. Since I’ve seen him there a number of times, I logged him in on his gmail account and handed him the phone.

A few days later, I noticed an odd message in my “sent” files on my work email. Turns out, his “important messages” consisted of answering a personal ad on Craigslist. It was graphic…he did not leave much to the imagination. Apparently, when he answered the ad from my phone, it used the phone’s default email (my work account) instead of his.

I am shocked…and terrified….that it might’ve been flagged by a filter that I’m sure IT surely has. Don’t they all…good sized privately held company.) To make matters worse, we’re both men of about the same age.

I am caught between just going straight to HR and discussing this and just laying low in fear.

Ugh, this sucks, because there’s no good solution here. If you go to HR, it might turn it into a problem that they otherwise never would have noticed. But if you don’t go to HR, and it does get noticed, then do you look guiltier for never having mentioned it?

What about a different option — telling your manager, rather than HR? Your manager presumably knows you better than HR does, knows that you’re credible (hopefully), and will know you well enough to tell by your demeanor when you have this conversation that you’re both mortified and telling the truth. You can simply say that you were horrified when you realized what happened, that you didn’t know if you should tell anyone in case it was noticed, that you want to go on record as telling him about it in case it comes up later, and that you will never loan your phone out to strangers again.

Honestly, that will probably take care of it. Your manager is unlikely to think that you sent the message yourself and then called more attention to it by concocting this story. (And if she does think that, please be openly indignant — since that is in fact what an innocent person would do.)

It will probably be absolutely fine. It could potentially even end up being funny, depending on what your manager is like.

Meanwhile, what the hell is up with this dude in the bar feeling that it was urgent to send graphic responses to Craigslist ads? And how will you handle it the next time you run into him? I’d really like to hear that story.

{ 89 comments… read them below }

  1. skylark*

    Why not contact IT? They are more likely to take a dispassionate view of it than HR or your manager.

  2. AdAgencyChick*

    O…M…G! The nerve of some people!

    I’d say go to your manager, and also ask him/her whether you should go to IT. I don’t THINK there’s any way this dude could have downloaded a virus onto your phone…but IT may want to know just in case.

    1. Anonymous*

      It sounds like it is the OPs phone not a company provided one so IT (depending on the specific IT department) is very unlikely to care about virii potential.

      1. Jamie*

        True, IT probably isn’t supporting BYOD phones, but it’s still their business that the company email server was used to solicit sex.

        And this is why BYOD allowances are such a abad idea. It’s thei down device so people think they can do with it what they will…disregarding the responsibility you incur by being networked.

        I’ll be honest, if someone came to me with this I’d want to know – and I’d use it to make a case against BYOD for everyone.

        I understand that the OP wasn’t being malicious, but either the ignorance of how mail would send or the total disregard of involving his company in his bar activities caused his IT department to assume a risk they shouldn’t have to – I’m sure they have better things to do.

        If the sexual activity being arranged was illegal this could have been a mess for the comany as a whole and could get the OP in legal trouble. I’m not feeling much compassion here, because I cannot for the life of me wrap my head around handing your company networked phone to a stranger because pure seen him a couple of times before. I’ve seen my mailman a bunch of times, I don’t give him the keys to my house.

        1. KarenT*

          I wonder if the phone was networked. I can access my email on my personal phone, but it’s through a web based app, not the company server.

          1. Jamie*

            Its pretty tough on a web based app to accidentally send from there. Something like this could easily happen on a phone networked via exchange if he logged the person into gmail via the email app and not webbased.

        2. BW*

          I cannot for the life of me wrap my head around handing any phone, work or personal, over to a stranger in a bar to use for their own email.

          1. badger_doc*

            Exactly! I don’t even let my friends/family use my phone. I have personal texts/pictures on it that I would prefer they not see. In addition to when I had my work email on my personal phone, I was always very careful about password protecting it and not letting it out of my sight. We had very proprietary information communicated via email. Never ever let anyone use your phone if it has important work-related info on it. That includes kids.

          2. Natalie*

            Depending on how regular the OP is at the local pub, another regular might not be a stranger, per se.

            When I was a teenager and pre-drinking-age adult, I spent most of my free time at a coffee shop and made a lot of acquaintances in the other regulars. I probably let at least one of them use my laptop briefly, while standing over their shoulder.

        3. Anonymous*

          This is very true. (Assuming it is Exchange server accessed as well.) One of the first things the OP could do is set it so that the work account is not the default sending account. If it is currently set that way the friend had to go out of his way to send this and was either pranking or something else. But you should definitely not have it set as your default email account.

        4. K*

          It’s not great, but the odds of this getting the OP into actual legal trouble are about 10,000 to one against. And I cannot think of a conceivable way that this could get the actual company intro trouble unless the OP is somehow extremely high profile and this could be leaked to the media (I assume he’d mention if this was the case). He’s learned his lesson; he should explain it sheepishly to his manager and move on and yeah, not give his phone to drunk guys in the bar anymore. But I don’t really see the need to indict him more generally. It’s not really that big a deal and conjuring extraordinarily unlikely worst case scenarios isn’t that useful, I don’t think. The fact that we can conceive of a highly specific set of facts in which this would be a big deal doesn’t mean that it is.

          Also, I’m happy to check and respond to e-mail in non-work hours, but I’m not happy to lug around an extra device that I have to remember to keep charged and to be attentive to. (In return, I do keep a higher level of protection on it than I would bother with were it purely personal.) Companies don’t just allow people to put work e-mail on their personal phone because they’re stupid; there are actual legitimate reasons why it’s worth taking the (minor) risk to allow responsible employees to do so.

          1. Jamie*

            If a company wants to take what you consider s minor risk then they assume this kind of thing can happen. That’s is why many companies have strict policies against BYOD devices on company networks and I have yet to meet an IT professional I respect who would allow them.

            And we’ll have to agree to disagree on the level of risk. If you’ve ever spent hours pulling emails and documenting e-trails for company lawyers because they need evidence of something you’d know how that kind of task can cause a lot of forced OT for the IT who has to do that on top of their normal duties. There are illegal activities arranged on Craig’s list all the time, so I don’t buy the risk being minimal.

            I umderstand the convenience of those OT issued company pones to have access to their email, but it might also be convenient for everyone to have a opt of the office key and alarm code so they can work their own hours – but rare is the employer that gives everyone that level of access. Again if an employer wants to disregard best practice and allow this because they won’t issue phones to those who need off hour access (or tell people no who don’t need it) then hey knowingly incur this risk. You don’t think this is stupid – I disagree. Hopefully the IT people who have to deal with this kind of thing will move on to companies who have better security policies.

            1. Jamie*

              Sorry for the typos and less than dispassionate argument. This isn’t the place for my opinions on this topic and I should have deleted before posting.

              1. KarenT*

                I actually enjoyed your argument, for the reason that I’m rarely privy to IT’s perspective. I deal with a lot of business units in my role, and we often get mandates from IT (no more doing this, this is now banned) but we never fully understand why. This is illuminating for me.

                Out of curiosity, what is your feeling on web based mail from an IT security viewpoint? My company has web based mail access so people can get on their email from home if they need to but don’t have a company device at home. (Ie., I’m not expected to check my email from home, but I can get on the webmail in case I do need to).

                1. Jamie*

                  Web-based email is more about risks unsecured data than a risk to the network…so that’s more of a trust issue (as you’d trust them to take home files in hard copy or on a flash drive)

                  My concern is unsecured devices (or devices where the security isn’t under the purview of IT) accessing the network. For example, for our remote users I issue laptops, iPads, phones, etc. these are company owned and the data company paid. Before hey take receipt they sign that they are for work usage only and they agree to usage policies and security protocols – in writing. That doesn’t make it secure, there is still trust involved because I’m not locking it down like I’m machiavelli. But IF you remote in and the machine is infected it removes the element of whether it was your teenage kid, or brother in law who loaded the games, porn, etc. and caught the virus. Because I have the employees signature hat he/she assumes responsibility on our device.

                  If its their own device it’s not cut and dried and they can loan it out. That’s why, for the employees sake, I truly believe that if a company wants them to have off hour access they should supply the phone, because an employer shouldn’t limit what a user can do with their own device (lend it) nor should any device with company access be out of control of the employee.

              2. A Bug!*

                I would read your blog if you wrote one, Jamie. Jamie’s True Tales from IT, banner all looking like the cover of an old pulp horror novel. When you relate things from your work in your comments here you are excellent at writing in a way that makes sense to me as a layperson without condescending.

                It’s clear you really care about your work, rather than just the eye-rolling disdain for users that can come through in some IT workers’ attitudes.

            2. K*

              Going through e-mails for lawyers is a nightmare regardless of whether it’s on personal devices or not. That kind of ediscovery isn’t going to not create an extra burden for IT just because it’s involving only e-mails sent from company-issued phones. (What a lot of companies do – and I think this is going to be the only thing that’s not going to create a huge burden) is to outsource it to firms who specifically deal with that kind of thing. Nor are people who are going to be dumb going to never be dumb with company-issued phones either. We’re not talking about every stupid thing someone does with work e-mail or a phone; we’re taking about the narrow extra set of issues that are created by a personal phone with company e-mail over a company phone. And for people who are tethered to that phone all the time instead of just being on call occasionally – well, there’s a reason there are a number of industries where it’s pretty common to allow company e-mail on personal phones.

              And in order for the OP to get into legal trouble, the following would have to have occurred: (1) the ad would have had to have been illegal; (2) the authorities would happen to have to track a one-off response to that specific ad (since obviously the guy isn’t going to respond to any follow-ups); (3) that particular one-off would have to have violated the law in and of itself (again, the guy is obviously not going to be meeting up with the hypothetical prostitute to get caught up in a police sting); and (4) there will be no way to demonstrate that the guy didn’t send the e-mail.

              It’s possible, but it doesn’t strike me as particularly likely. Again, doesn’t mean it’s a good idea to hand your phone to guys in bars, but I also wouldn’t be spending sleepless nights contemplating the authorities hauling me away were I the OP. I’d experience roughly the same amount of nervousness I experience when I go through international customs and contemplate whether someone snuck drugs into my bag Brokedown Palace style.

              1. K*

                I guess ultimately my point is: I’ve sworn multiple oaths to handle client information appropriately and I could be personally liable if I don’t. If my employer thinks I can’t handle having it on a (properly secured) personal phone vs. a similarly secured company phone that doesn’t happen to also have personal information, they should fire me now because I shouldn’t have access to that information at all. They’ve concluded that I can be trusted with that information; making my life easier by allowing me to carry one device around with me does not seem like the critical issue here.

            3. Amanda*

              How much illegal activity does happen on Craigslist though? While I would agree that it’s not the safest or smartest place to find casual encounters, I doubt there’s anything as icky as encounters with children or outright prostitution. I mean, if Craigslist was a hub of illegal activity, as well known as it is, wouldn’t it have been shut down already?

              1. Natalie*

                There’s actually quite a bit of prostitution facilitated on Craigslist. A year or two ago they shut down their “Adult Services” section, which was supposedly for legal-but-sexual services (i.e. hiring a stripper) because it was nearly all used for prostitution, including prostitution of minors.

                My understanding is that quite a few of the ads in the women seeking men are thinly veiled ads for cam girls or IRL prostitutes.

                1. Amanda*

                  Seriously? “Adult services” seems to have come back in the form of “casual encounters.” (Not that I’ve looked, but I use craigslist for job-searching and finding the going rate for apartments in certain areas and the frontpage lists ALL their services.) I’m surprised this stuff is still going on, since craigslist is so well-known and it’s not some shady underground site (well it IS shady but at least everyone recognizes the name).

                2. Natalie*

                  @ Amanda

                  It’s probably precisely because Craigslist is so popular and potentially anonymous that there are so many prostitution ads there.

                  IANAL, but my understanding is that websites that host user-generated content were placed under the same safe harbor provision that protects ISPs from the actions of their users.

            4. Anonymous*

              We use an app that creates a secure container for email, calendar and files for BYOD. It keeps corporate email and files secure and completely separate from the rest of the device, and when an employee leaves, we can remotely wipe the container and revoke the key without affecting any of the device owner’s personal data. So far, it’s working well for us.

          2. Anthony*

            I had a similar problem…i was the culprit,i sent an innapropiate picture ,when i realized i had used my company email i deleted the email from the sent folder ..that was almost a year ago .i spoke to my manager told him . I was very concerned and that it was a mistake,he told me if called him on it he would try and take of it and told me never to do it still looking over my shoulder …..

        5. Anonymous*

          From an IT perspective, sure, BYOD is a terrible idea. From a management cost-cutting perspective, and from an employees-want-to-use-shiny-iThings perspective, unfortunately it looks like a win-win. I get where you’re coming from, but I suspect that BYOD won’t die any time soon.

          1. fposte*

            As I’ve horrified Jamie with before, it’s utterly the norm at my university. I suspect that whatever evils the students do on the network will eclipse anything we can get up to anyway.

            1. LJL*

              I second. In higher ed, BYOD has to be the norm. When I went from HE to a private company, I was amazed at the restrictions on access.

  3. Kerry*

    Meanwhile, what the hell is up with this dude in the bar feeling that it was urgent to send graphic responses to Craigslist ads?

    He was hoping to get lucky that night, obviously! What’s more urgent than that? (From his perspective…)

  4. Sasha*

    Well, this just reinforces my belief that I should trust no one, ever. Ew.

    I would probably talk to my manager as well, like a “heads up, this really embarrassing thing happened…” I’d rather she hear about it from me first than anyone else.

  5. Not So NewReader*

    It sounds deliberate to me. Most people would notice that the wrong email address had been included in the message. Uh- that is most people but not all.
    Can you put a block on the address that it was sent to?

    1. twentymilehike*

      It sounds deliberate to me. Most people would notice that the wrong email address had been included in the message

      I wouldn’t assume that, though. I often overlook the sent-from address when emailing from my phone. Not because I’m a bone-head (though I certain can be …), but moreso because I am used to skipping over it.

      I would think that if you log into the web-based app from a computer, you could block the address it was sent to; that would be the first thing I’d try. It’d probably be worth a shot asking someone in IT for help with that, telling them the story, and best case scenario, everyone has a laugh.

      I’m looking on the bright side today.

      1. A Bug!*

        Yeah, while malice would be on my radar I wouldn’t be too quick to give it more weight than the alternative. It could be a pretty easy mistake to make – my own desktop e-mail software has several accounts tied to it, and regardless of which account received the e-mail, my software automatically replies from my primary one. And I’ll be the first to admit that I’m basically incompetent when it comes to working my smartphone in most respects.

        I do think the guy’s a bit questionable if he thinks it’s okay to borrow someone’s phone for the purpose of accessing or sending explicit content without first disclosing that to the phone’s owner. But that could as easily be another symptom of his cluelessness as an indicator of bad intent.

      2. fposte*

        I wasn’t thinking so much malice as just something he thought of as goofy pub ribbing, based not so much on the impossibility of a return address error as to the sudden need to check Craigslist and to use somebody else’s phone to do it.

        But we will probably never know just what possessed this strange individual.

    2. fposte*

      I’m kind of thinking “deliberate prank” myself. I might ask quietly around the pub if he’d done this to anybody else–it could be old Reg’s regular trick.

      1. Not So NewReader*

        Yeah, the pub owners might want to know that people are using their pub in ways no one ever intended.

  6. Joanna Reichert*

    Oh boy, this is a really icky situation. It’s too bad it’s not funny – like my raunchy experience a few years ago.

    I was working in a large retail store that received calls locally and nationally. I was attempting to call a customer back via the 800 number they had given me. I dialed, waited, listened to the really weird sensual music that starting playing, and then a husky voiced woman began telling me of the things she wanted to do for me.

    I panicked, slammed down the phone, and red as a tomato I rushed off to find my manager so he could explain to HIS boss why the retail employees were dialing sex lines. He thought it was hilarious and smoothed it over for me.

    I hope the OP has an understanding boss. And there will be more discretion with his phone in the future, I’m sure!

    1. BW*

      Someone on my team once made a typo on a conference call 800 number. So people were dialing into a sex line…important decision making type people. Luckily, they had a sense of humor about it!

      1. twentymilehike*

        Someone on my team once made a typo on a conference call 800 number

        Hahaha … the SAME thing happened to me one time, we were all IMing each other when the meeting was supposed to start, because no one could figure out how to get past “for men who want to speak to women, press 1 …” LOL

        1. skylark*

          Maybe I’m biased but I don’t think the ‘H’ in HR is for ‘humor’ that’s why I would avoid them as much as possible in this case.

    2. moss*

      I tried to call in to “wait wait don’t tell me” radio show but I dialled 1-800 instead of 1-888 and it was a sex line. I haven’t tried to call back, 5+ years later. Would love to be on the show though. :)

    3. Elizabeth West*

      Ha ha ha ha ha! Oh no. Good thing your manager was cool about it.

      I worked at a shopping paper once, and they told me a story about a former employee who had typed up an ad for an older lady who was selling one of those little organs–I think the kind that played rhythms and such. Instead of “organ,” the employee entered “Org@sm for sale.”

      They had to refund the lady’s money, and run the corrected ad for free until the item sold.

    4. Anonymous*

      I also had a similar situation. I’m not sure why, but the ads that popped up on different websites seemed to change when I switched from using the IE browser, to Chrome.

      I was on LinkedIn for my work as a recruiter, and an ad for Adult Friend Finder came up (and it was VERY explicit!). Not only was it on my work computer, but it was during the workday!

      I told my boss about it in a joking way, and also sent a message to LinkedIn to see if it was a problem they could fix. I definitely wouldn’t want anyone to think that I was deliberately looking at pictures like that!

  7. Wilton Businessman*

    I’d let it go and play stupid if it comes up. It’s probably a non-issue.

    It also depends on how your company handles these types of things. If they’re real tight-a*@ about things like this, you’d be better to perform a preemptive strike and inform your manager. Surely if they are that concerned with it, they will be able to confirm it was sent from your phone.

    But in most companies, bringing it up will give you more trouble than it’s worth.

  8. Cathy*

    It’s really not very likely that anybody is scanning or monitoring your email unless you’re in a regulated industry such as finance or there’s some other reason for HR/IT to be concerned about your activities. One inappropriate email that was sent outside of business hours with some other name in the from address is probably not a huge concern and I wouldn’t even mention it.

    It is more likely that your web surfing is recorded and possibly that log is scanned periodically. Your work computer’s hard drive as well as files you store on a shared server may also be scanned for inappropriate content. In order to prevent this email from showing up in that type of scan, delete it from your sent items/archive and empty your email trash so that there’s no longer a copy of it on your computer. It may still appear if your IT dept scans the email server’s archive or backup for offensive content, but I think you can address that when and if it comes up.

    Your IT department should have a security policy regarding the use of company email on personal devices though. You blithely handed your phone with your business email that presumably contains your company’s proprietary information to a stranger in a bar! This is likely to be a much more serious violation of your company’s security policy than the actual sending of the email through the company’s servers.

    1. skylark*

      I’m in finance and for sure everything is monitored by IT and compliance. It’s unreal. I don’t even mention this job on my linkedin account because I don’t want/need the scrutiny.

    2. badger_doc*

      That’s not true. Email can be monitored/filtered for certain words. Large companies that have proprietary information usually filter through emails going to third party vendors to make sure nothing is being leaked. As such, email can also be filtered for certain types of language like profanity, sexual references and the like. I would be concerned.

    3. Laura L*

      My work email is automatically saved to a server somewhere, so all emails sent to or from my account exist forever, even if I delete them from Outlook. This could be the case at OP’s company.

      1. LJL*

        And probably is the case. IT has better things to do than to sort through everyone’s email, but usually the archives are there if needed.

        1. Laura L*

          Exactly. So, it’s still a good idea to be careful about what you use work email for, but it’s probably not being actively monitored.

  9. George Clingerman*

    It’s really an unfortunate situation all around. Not only do you need to be worried about their reaction of the email sent, but also the security implications to the company of the phone being given to a semi-stranger in a bar.

    Not that you necessarily deal in top government trade secrets, but generally this is how hacking works in todays age. It’s less technical and more about social hacking. There’s definitely a security risk from an IT perspective of employees having work accounts on their personal phones and not taking appropriate precautions. Access to the company network and private information can start with something as innocuous as lending out your phone.

    I didn’t want to add more fuel to the already hot fire of worry, but I was seeing mention how going to IT might elicit a more dispassionate response and I’m not sure that would actually be the case depending on the size of the company.

    1. Jamie*

      Yes, dispassionate wouldn’t be the word I’d use as a common IT response. As IT is more likely to understand the potential danger than perhaps others it would be more correctly addressed – I can’t imagine any of the IT people I know finding this funny in the slightest.

      1. skylark*

        They might not find it funny but they would understand the myryad ways something like this could happen, and more importantly, why it’s reasonable it happened as the OP described.

      2. Job seeker*

        This is just awful. It goes to show how we really need to guard our privacy more carefully than we do. I have been more trusting in my life of others and this shows the other side. I am not knowledgeable about IT things like you Jamie. I do know my husband reminds me of how social media has made your privacy something you must guard. I would not find what happened here funny in anyway.

  10. Anon*

    Was there any sort of attachment on the e-mails? In my experience, that is the thing that is most likely to cause a flag.

  11. akaCat*

    Where I work, the rule is to go to forewarn your manager in case IT or security comes calling. Though there’s no guarantee it’ll help if the issue’s gotten as far as security.

    I’ve had to do that a couple of times when I’ve made critical errors while typing in a url, and once when some really questionable ads popped up on a site that I intended to visit. (Ah, the places we’ll go when we’re trying to figure out what the heck error message 24876124389* means!)

  12. Katrina Prock*

    I would so call his ass out in the bar next time I saw him. And I’d lie. Perhaps by suggesting that his furry fetish did not seem to mix well with the adult baby fetish of the receiving party. Unless what he wrote was actually worse, then I’d just use his own words.

  13. Karyn*

    I can tell you right now, my boyfriend (who is in IT) would probably just laugh his ass off quietly in the background and let it go, if you’ve never had something like this happen before. Most IT people have no interest in seeing anyone get in trouble for one minor “indiscretion,” unless, of course, you’ve already done something to warrant attention.

    1. Jen in RO*

      That’s what I figured too. Our IT guys pretty much told us that they have better things to do than monitor our traffic, unless it’s something excessive (like taking up half the office’s bandwidth with YouTube videos). I doubt they’d even notice this one email…

  14. Elizabeth West*

    Oh WOW. >_<

    This would be one where if you go to your manager, you could say it like, "You are not going to BELIEVE what happened!" and then assure him/her that no one else will ever be allowed to email from your phone again.

  15. Skylark*

    But what if the OP had in fact sent that email himself, what’s the big deal? Unless what he was suggesting was illegal, I don’t see grounds for censure of any kind. Perhaps we’re being way too prudish, again not knowing the full details of the email. Sometimes we’re shocked to discover that our co-workers actually have sex lives.

      1. LJL*

        Not to mention against the technology/acceptable use policies for every company/school/other employer I’ve ever seen.

    1. KarenT*

      I’m fine with my co-workers having sex lives, but I’m not fine with them bringing those sex lives to work (such as by using compnay email to send a sexual message, though I realize in this case it was an accident)!

      1. KarenT*

        And I didn’t mean I’m fine with in that I think it’s my business or my co-workers need my permission, but that I”m fine with in the sense that I’m not prudish like Skylark suggests we are.

        1. A Bug!*

          I certainly don’t think it’s prudish to think it’s inappropriate to send explicit personal material by company e-mail. When you use a company network, you know you’re probably not the only person able to access it. You know there is a chance (and, depending on how the IT department operates, a very good chance) that someone else is going to see that content. And it’s really inconsiderate to say the least to subject a random third party to your graphic communications without their consent.

          You can be sex-positive while still understanding that sex doesn’t belong in the standard professional workplace.

          1. Jamie*

            Right. I have no problem whatsoever with people having healthy sex lives – I assume its a big part of the lives of most adults.

            I’m just opposed to doing it on company resources. I.e. rent a room, don’t just clear off your desk.

            In another thread awhile back someone mentioned, I think it was fposte but I could be mistaken, that what people do is their business as long as they don’t involve unwilling participants.

            I’ve cleaned material off computers (email and other files) hat exposed me to parts of former co-workers sexual lives that I had no interest in knowing about. When you risk an innocent bystander having to deal with parts of your baser needs that’s where it crosses the line.

            It’s the definition of unprofessional.

      2. Arts Nerd*

        My last boss accidentally sent a few work emails from a sexual email address. I was so glad he wasn’t on-site so I could inform him of his error via text message and not to his face.

  16. ChristineH*

    Chances are nothing will come out of it, but it wouldn’t hurt to mention this to your manager just in case. Don’t make a big production out of it; just mentioned what happened (“Just wanted to let you know in case IT/HR/whoever says something…”), say you’ll be more careful next time, and try not to worry about it.

  17. CMS*

    The situation could be worse. During my undergrad studies, a guy didn’t logged out of his desktop computer at university when he went to the bathroom. One of his friend/enemy sent an email full of profanity to all students of the class. (Well, IT should not allow any students to use the email alias, in retrospective.) IT openly reprimand that guy, who later sent an email apologized to all who received the email. (Alas, again, email alias!)

    I agree with ChristineH on not to worry about the matter. I’d bet the IT department doesn’t monitor *every* email to/from the company manually. Delete the email and any any replies if there’s any.

  18. snuck*

    I’d ‘fess up to my manager. If there’s going to be a stink raised about it he/she is going to get a heads up before they come looking for you. And I’d make it clear you’ve learnt your lesson. (And I’d get savvy with the technology and change whatever settings to make sure there’s a) no way it could happen accidently again, and b) the whole device is properly locked/passworded at multiple levels.)

    One real risk is that if you are using your own device and it’s not ‘standard’ for your team/position and you have it as a rare privilege then it might be revoked – but that’s fair – because you didn’t protect that privilege adequately. Better that than getting sacked.

    I have had people send me pr0n on work email servers (from work email servers, and to my work email address) and I would delete (unread if I had the chance, but often you didn’t know until you opened the email), reply “Please do not send me this sort of material, it is against work policy and I am obliged to report it to management which I will do in future” (I worked at times with fairly young/unprofessional staff.) And if the staff member had any history of being unprofessional for any reason I’d report it to their direct supervisor / manage them formally on it (if it was me).

    One of these was a hardcore pr0n pic once that I opened *just* as my own manager walked behind my desk and saw it. Ugh. That was a very firm kick in the backside for the staff member (who wasn’t working in my area) and a formal complaint.

    Why people think this stuff is ok (even young/unprofessional people) was always beyond me.

  19. skylark*

    He should not confess. Look how many unsolicited sex-related emails we receive and just delete without reading them? IT might’ve done likewise.

  20. Anonymous*

    There’s another issue here. If I were your manager, I’d be concerned that this unknown person who sent an email using your phone might also have been reading your emails, which may have included confidential company information. There’s a security issue here as well.

  21. J*

    I AM THE GUY who originally wrote about this. Yes, it happened to me. THANK YOU ALL for the insightful comments!
    As it turns out ( at least to date) no one has tapped me on the shoulder and told me HR wants to see me. The company is mid sized and the manager of IT is in my building…haven’t gotten any funny looks from him either.

    I did not inform anyone…my boss is new and doesn’t know me well. Thankfully I never got a reply ( checked junk mail )…perhaps because it set a screen to trap crap like that before it gets to someone’s desk.?

    At any rate, I always considered the work email link on my phone as “work”…separate from anything else on the phone. Comments have opened my eyes to how that is not so.

    Never loaning my phone out again…ever.

    Thanks for the comments.

    1. A*

      Has anything been brought up at all up to now? I had something like this happen ,but i had sent the image .when i realized i used the company device instead of my own i freaked out,spoke to my manager and explained my mistake,he was ok but warned me not to do it again ….this was a year ago,i still worry .am i too paranoid at this point?

Comments are closed.