update: my manager set up a secret email address using my name

It’s “where are you now?” month at Ask a Manager, and all December I’m running updates from people who had their letters here answered in the past.

We have so many updates this year that I’m going to be posting six to seven times a day for the next several weeks — so keep checking back throughout the entire day.

Remember the letter-writer whose manager set up a secret email address using the letter-writer’s name? Here’s the update.

Thank you so much for answering my letter and publishing it. I didn’t know where to turn to for advice, but then I remembered your site. For the past few years, Ask a Manager has been my go-to site for work stuff. When I need to look up a word I open the Merriam-Webster. When something weird happens at work, I hop over to Ask a Manager to see if anyone else has encountered a situation similar to mine.

I appreciate your words of wisdom and there were so many helpful suggestions from the posters. I took in the advice and here is what happened.

I asked the IT guy about that Group email my supervisor set up using my name. When did she open it? Can you disable it? To answer my first question, he sent me a screenshot that showed when the account was created (March 2018). He then sent another email this one roping my supervisor into the conversation by cc-ing her in his reply. He wrote that as my supervisor was the sole member in the group using my FirstNameLastName@collegename.edu he could delete it only with her permission. Being true to form, my supervisor expressed surprise. She replied that she didn’t know the group existed and that yes of course he has her permission to delete the account. She also asked IT guy if there were any emails sent to that incorrect email address and if he could see that. IT guy replied that he wouldn’t know what else might have been sent to that address, but as she was the only member of that group, all messages would have gone to her anyway. All I heard from her were crickets after that. No response from her.

Later that day, IT guy notified me via email about the account being deleted. I thanked him. He replied that he was glad the remedy was quick and then ended his email with this: “Strange …”. You know something doesn’t smell right if even someone from IT (who has seen it all I’m sure) had to add a little comment about this situation.

{ 108 comments… read them below }

    1. Anon for This*

      I’m kind of wondering if he told her he couldn’t gain access to the emails, then quietly opened an internal investigation to do exactly that.

      Because, yes, IT CAN access your emails. It’s not something to be used lightly but it’s possible.

      1. Magenta Sky*

        That depends on how it’s set up. The old fashioned way, the client deletes the message from the server after it downloads it. The newer way leaves it on the server, so it’s available from any client with the right login. The newer way is very common, but at a university, I wouldn’t assume it’s done that way.

          1. LinuxSystemsGuy*

            So, there’s a couple of things here. First, as the person above pointed out, older email systems actually delete the mail off of the server when it’s downloaded to the client. This is an unlikely, but possible, problem. For all kinds of reasons (compliance with various regulations being the biggest one) most companies don’t do this anymore.

            The bigger problem is that the suspect email isn’t an account, it’s an alias/group. Email sent to it isn’t going into an easily located bucket called lwfirstnamelastname. It’s going to her supervisor’s account as a forward. In order to find those mails IT is going to have to search her the supervisor’s accounts to find any email that came in through the alternate address instead of her main address.

            Searching an employee’s email is generally going to require *at least* the approval of LW’s grand boss or HR. And as Allison points out in the original letter, while this is all very weird, it just doesn’t rise to the level of a formal investigation against supervisor.

    2. NerdyKris*

      Even if IT investigated they probably wouldn’t have shown them to the LW. That would be something that’s only shared between the IT person and the manager’s boss. When you’re in IT you are expected to keep things confidential, even the fact that you’re investigating.

      They almost certainly investigated the boss’s mailbox for the emails. Likely whatever they found wasn’t worthy of firing her over.

      1. Batgirl*

        My assumption was that she was using it for something like an affair. Or something similar where she really wouldn’t want people to know, but her employer wouldn’t necessarily care about it.

        1. Loulou*

          But why would she want an email under another, real person’s name for that? Why not just set up a generic Gmail account? (Not that I can think of an explanation either! This one just doesn’t seem plausible to me)

          1. Batgirl*

            A fake gmail account on your phone or whatever would stand out more than a company name account mixed in with your other team people.

    3. Falling Diphthong*

      I wonder if there were none there.

      My recollection from the original letter is that a few people offered up “If you tried to do X, you might accidentally create this group.” It’s a case where there’s a subset of explanations in which an innocent party is just yelling at the computer in frustration a lot.

      1. The Rules are Made Up*

        Idk. If those emails were getting re-directed to the boss’ email and she didn’t want them to that would probably get really annoying. Even if it only happened occasionally. Most people would ask IT about that so the fact that this is the first IT is hearing about it and the boss acted surprised about it, as if she didn’t know someone else’s emails were coming to her, which seems unlikely…… seems nefarious.

    4. Hey Nonnie*

      Under the circumstances, I feel like I would at least ask IT and/or the manager’s manager if an investigation could be opened. LW may not ever be privy to the results of an investigation, but I think it’s fair that one happens. Using someone else’s identity behind their back is pretty serious.

  1. CoffeeBreak*

    It’s going to drive me crazy not knowing WHY the supervisor did this. It doesn’t make sense and there can’t be any serious gain to just getting the misdirected emails.
    Unless this is some kind of sitcom universe where only wild things happen, and even then I’m having trouble coming up with a reason.

    1. Jaybee*

      It would have to be something ill-intentioned. If she had a good reason, she wouldn’t have pretended not to know what was going on, right? She would have explained why she set it up.

      Working in banking, my first thought is some kind of fraud while posing as LW, although if I recall from the original post and comments she couldn’t SEND emails as LW, just received emails addressed to that email address…

      1. Magenta Sky*

        Most mail clients, you can *send* email as *anybody*. It’s just a setting that has nothing to do with the account.

        1. Jaybee*

          Yeah but I’m pretty sure that wouldn’t hold up under scrutiny from IT or other internal investigations, which is what one would want if one wants to commit fraud in someone else’s name and have them take the fall for it.

          1. Berkeleyfarm*

            It might be tough to track down to the actual source machine if not hopped on right away, though.

            Email admin here. This supervisor is snoopy/up to no good. But there’s nothing inherently hinky about requesting X email resource for your employee. What’s hinky is how she was handling it though.

            Magenta Sky is right, most mail systems are pretty easy to frog. Spammers do it all the time, and internal systems that accept smtp mail from internal machines are super easy to manipulate.

            The email frogging story I have that’s almost wholesome is when someone made a poor decision about “how to cheer a coworker up” by using a mailer or command lines to send a message about what a great job that coworker was doing … using the name of the director as sender.

            Recipient smelled a fake (director was NOT an encourager), reported it, director screamed bloody murder at us (“ONLY YOU GUYS KNOW HOW TO DO THIS” … yeah, right, you are sure none of your 50 other IT employees know how to use an SMTP mailer … ), we were able to track the IP from the logs and connect it to a workstation. Sender confessed. Civil service so was told to never do anything like that again.

    2. Heidi*

      The original post had a lot of comments speculating about some sort of catfishing/identity theft scheme. I guess the supervisor could contact people online pretending to be the OP, and if someone tried to google her, they’d only find information about the OP.

    3. Hlao-roo*

      I think the reason could be as simple as incompetence/nosiness. Similar to micromanagers who want their reports to cc them on every email because they (1) don’t know how to actually manage or (2) want to know everything. She could easily be doing this without any serious gain. Her reasons likely make sense to her and to no one else.

    4. RagingADHD*

      I’ve heard David Tennant say in interviews that he used to pretend to be his own PA in order to get out of attending events or having awkward conversations. Her name was Melissa von Stressel.

      Hugh Grant and Jamie Lawrence have both admitted to pretending to be their own agent when they started out.

      Now, those were fictional personas of course, but based on the LW’s description of their boss, along with IT’s and management’s lack of action, I’d imagine that if the boss was using the email address for anything, it was some kind of low-level face saving or inflating her own importance by pretending the assistant was following up on things or giving answers that she wanted plausible deniability for later.

    5. Dragon_Dreamer*

      It’s very possible she was hoping to catch OP interviewing for jobs or something similar. The original letter says the supervisor in question is known for gaslighting and playing dumb. This sounds like EXACTLY the reaction that occurred. That last comment by IT tells me the supervisor is now on their radar. She’s probably going to have her account more closely monitored for a while.

      1. Where’s the Orchestra?*

        Very much hoping this is true. Also wondering if the supervisor has been under watch before and started setting up alternate accounts to dodge the watching?

  2. dresscode*

    This was definitely a good approach. When you have someone who plays dumb when called out, sometimes playing dumb on the other end works well. “No one has any idea how this happened but it’s fixed now!”

    1. General von Klinkerhoffen*

      Pretending you assume everyone is acting in good faith is often a successful stratagem if the aim is simply to stop the unwanted behaviour – in this case, IT gave Supervisor an easy out and she took it.

      IT guy is a useful person to know, I think. Skilled and diplomatic simultaneously.

  3. Not Tom, Just Petty*

    Strange, indeed.
    “oh, did email go to this account?”
    If they did, you got them.
    oh, er um yes, very well then…
    uh huh.

    1. EPLawyer*

      “Did email go to the account?” = “Oh no someone else might have seen what I was doing this with account. Am I busted?

      1. a thought*

        Yes! I’d think this would be a dangerous thing to ask though! If she wasn’t yet busted, maybe it would prompt the IT guy to have looked into it. It’s too bad it can’t be seen what she was up to…

      2. Pay No Attention To The Man Behind The Curtain*

        Yes! I think she was trying to ascertain if IT could see/read those emails and her responses, not actually wondering if anyone has “accidentally” sent emails to the account. I’m glad it’s shut down but I wouldn’t be surprised if another secret email account is already in place.

        Doesn’t their IT do an audit on “unused” or duplicate email addresses? Wouldn’t they have, at some point since 2018, noticed 2 accounts for the OP and wanted to delete the extra? I have a general email account for a particular project I work on once a year — think “AnnualProject@organization dot mail” and since it’s only used for a short period each year, I feel like I’m forever stopping my IT from deactivating it. Having the box separate provides continuity to the rest of the org, so they don’t need to know who’s specifically in charge, since theoretically someone else could take over this project at some point.

  4. Important Moi*

    “IT guy replied that he wouldn’t know what else might have been sent to that address, but as she was the only member of that group, all messages would have gone to her anyway. All I heard from her were crickets after that. No response from her.”

    An awkward attempt to see if IT had

    1. read the emails
    2. had an opinion on her behavior
    3. (most importantly) told anyone else.

    I’m glad he didn’t’ play along.

    1. Tilly*

      I wish he had said that she received all the messages to this account, without noting that he couldn’t access.

  5. Cherry*

    That’s really weird. I have a Teams site that’s only for myself – that’s because we use Teams a lot and I want my own private notes and stuff to be in the same place; apologies Microsoft if I’m Not Supposed To Use It That Way…
    But OBVIOUSLY that is under my own name and email address.

      1. I'm A Little Teapot*

        just create a teams site, but don’t add anyone else to it. You can google for step by step instructions if you need them.

    1. SomebodyElse*

      I’ve toyed with the idea myself. I can’t remember the context that I was thinking about (probably to utilize some of the functions) but I never really made it work.

      If I squint reallllllllllllly hard, I could almost imagine a manager setting up a private channel for their team members as a way to track things related to them. But it would seem that there are easier and more effective tools to use for that.

      I can also see that the manager didn’t know about the email thing… In my company the email address for each channel came out well after rollout and our IT doesn’t bother telling us when Teams releases a new function. I tripped over the email function by accident one day and in my short random discussions not many other people knew about it.

      All in all I’m give this one about 50/50 odds that there wasn’t anything nefarious behind it, but can certainly understand why the LW had cause for concern.

    2. Two Dog Night*

      Ooh, that’s brilliant–I just did this so I don’t have to keep OneNote open all the time. I’m not wild about Teams, but since I’m stuck using it, it’s easier to have everything there.

    3. J.B.*

      If you have teams and one drive, you can sync so they show in your folder list on your desktop. When you do that, the Teams folders are just other folders in the list. When I started the sync I did it from the web based app.

  6. Lana*

    OP should keep the email conversation and maybe even screenshots. This smells like identity fraud. Keep an eye open for any strange things like emails or calls from credit card companies, suspicious parking tickets, etc. And maybe the IT guy could check for other fraudulent email addresses, although I expect your boss will change MO now…

    1. Emotional Support Care’n*

      Not necessarily. IT didn’t say that they saw anything. As far as the supervisor knows, all IT knows right now is that potentially, a glitch happened somehow in the creation of an email and the supervisor ended up with a “duplicate” account of the employee’s email address (if she so chooses to spin it that way). Must have been a busy week and a clumsy IT department .

      If IT chooses to do a more in-depth investigation, and to look for more anomalies, or to look deeper into *that* particular email account (maybe they didn’t delete the account, but blocked supervisor’s access to it while they investigate), and then took their findings to upper management, I wouldn’t find that out of line at all. Unless the investigation finds evidence that OP has had her personal information compromised, she no longer needs information of any of IT’s potential investigation, especially if they are doing it quietly.

    2. I'm Just Here for the Cats*

      I think its a stretch to say that the boss was doing this for identity theft for Credit cards and such. For one thing I don’t know if the boss would have access to the SSN. When I was hired at any of my jobs that info was given straight to HR. At one place the boss was not even in the room when we filled out that paperwork, it was just HR.

      1. traffic_spiral*

        Yeah, boss was probably just using it to help cheat on her S/O – which is immoral, but not OP’s problem.

  7. Risha*

    Odds are fairly good that she used that email address to enroll/subscribe to things online that she doesn’t want her name attached to or easily traced back to her, since a lot of sites make you click on a link to verify the email you signed up under is accurate (instead of just letting you enter a fake address like the old days). If that’s the case, the big question is whether there’s a reason she’s using a real person’s name for that account instead of just making up a fake one. Alarming.

    1. Artemesia*

      That is the most plausible theory yet. Definitely keep a record of the emails on this including that it was deleted so if you ever have a background check issues, you h ave some documentation that someone at your workplace set up an account in your name that you didn’t have access to.

    2. Empress Matilda*

      I mean, seriously. If all you need is a fake email address, go ahead and set yourself up with fakeaddress@hotmail.com and you’re done. Why go to the trouble of using a real person’s real name? Unless of course you have nefarious purposes…which it seems pretty clear that she did.

      Glad it’s all resolved now!

    3. a good mouse*

      FYI for anyone bummed they can’t just enter a fake email like the old days, there are a bunch of sites that will give you a fake/short-term email address and a temporary mailbox so that after you sign up you can click the “verify email” link without ever using an email address tied to you or that even really exists beyond the 5 minutes it takes to complete a sign-up. Very useful to be able to access sites without exposing your email address to tons of spam.

      1. londonedit*

        My phone does that now. There’s a thing that comes up that says ‘Hide your email address?’ and if you click yes then it’ll enter a random email address that will automatically forward to your home email.

    4. LKW*

      This is the most generous explanation so far. But the suspicious cynic in me doesn’t believe this is the reason

    5. a thought*

      This seems plausible but seems like the supervisor would have been better off making a Gmail (or other similar) type account. Maybe there was some advantage to the things they were signing up for to having an .edu account? I have so many questions.

    6. Ellie*

      I think this sounds likely. The use of a real name might also be because its simply easier to remember details about a real person than it is about a fake one (name, age, date of birth, home city, etc. – much easier to keep track of it all if there’s a real person you know well behind it). Also, if you used a fake name and there’s a real person you gave your email address to, they might google them and discover it. OP is a real person, so the history, etc. would make it seem quite legit.

      I’d spend a bit of time doing some google searching, see if there’s anything online that’s new or you’re not happy about. But short of hiring an investigator, there’s probably not a lot more you can do. That boss is so dodgy.

  8. Amy Farrah Fowler*

    I find this whole situation baffling… Even the update doesn’t really clear anything up. What a strange situation.

    1. ThatGirl*

      It is baffling, but at least that particular problem has been dealt with. Based on the OP’s description of her boss, it doesn’t seem like she’d ever get a great explanation anyway.

  9. animaniactoo*

    #1) I would seriously consider taking ID theft precautions at this point.

    #2) She asked IT about the contents of the e-mails because she wants to know if THEY read them. She knows what’s in them. She wants to know if anyone else is paying attention to what’s in them.

    Random Speculation™ – she was using the account to catfish someone.

    1. Artemesia*

      Absolutely check credit bureau accounts and put a freeze on credit (be sure you carefully keep track of information needed to release the freeze — it is a real pain if you don’t have the magic numbers to do that when it comes time to buy a house)

    2. Tilly*

      Catfish – bingo. That’s my guess. Any sort of financial ID theft makes no sense to me – it would require more than an email address, and I don’t even see how an email address would be helpful.

  10. a good mouse*

    Its too bad OP couldn’t just get that redirected to their email address, so that anyone who had been using it would now be sending emails to them (and it would be a good catchall for all the people assuming they have a normal email scheme).

      1. Tilly*

        Has LW tried googling the email address, and searching Facebook, etc, to see if any accounts associated with that email address?

  11. awesome3*

    Thanks for the update OP, I’m glad you went to IT. Your supervisor sounds hard to work with and I hope one day we get another update from you with something to celebrate. Take care!

  12. Keymaster of Gozer (she/her)*

    I could be wrong, but here’s how my IT professional self translates that ‘strange..’ comment:

    IT is hinting that you might need to keep a close eye on things for a while, and also dropping the hint that they’ll be watching her a lot closer too. If I’d had that kind of thing happen under my watch I’d be watching her account/drives/email for any dodgy business in future. In my experience when someone gets caught doing one thing a bit dodgy there’s often weirder stuff to be found…

    1. anonymous73*

      Yep. This raises big red flags. And when people wonder if their browsing history is being tracked when they do non-work things at work, this is the type of situation that would cause IT to look into what else she’s been up to at work.

      1. Keymaster of Gozer (she/her)*

        If I were a betting person, I’d put money on her trying to be more ‘clever’ next time and getting caught by IT for tryin to get around the firewalls/using VPNs/trying to spoof their IP address etc.

        However, I am an exceptionally paranoid person. It’s sometimes great that handling IT security is something my schizophrenia can contribute TO! :)

        1. DJ*

          Oh, I have so many questions! Like how to you ensure appropriate balance between normal and definitely way over the top paranoia when dealing with your schizophrenia? Are you open about your diagnosis at work?

          Hope I’m not asking anything too personal!

          1. Keymaster of Gozer (she/her)*

            Happy to answer in detail on weekend open post, don’t want to derail here, but simple synopsis: a LOT of psychological help, some fairly strong medications and some time spent in hospital.

            I’m not open about it IRL to anyone but my husband and a very close friend. Too many instances of people finding out and backing away from me like I’m a danger to them to be any more open than that.

    2. Eldritch Office Worker*

      I was hoping you’d weigh in. Do you think IT went through the emails on the fake account to make sure there was nothing blatantly illegal/harmful to OP going on?

      1. Keymaster of Gozer (she/her)*

        I’d certainly bet on them having scanned through the email activity on the account (we only go to reading every email if there’s a really good reason – it takes hours) and seeing if there were any suspicious activity. For a first offence though it’d likely be a quick view.

        Does depend on how much work IT have on at the moment. If they’re busy they’ve likely just put a watch on the person’ computer.

      2. Mimi*

        Also in IT, and if this came across my desk, I would absolutely see what had been sent to that account if I had a way to do it that didn’t involve locking the supervisor out of her account, both to make sure there wasn’t anything fishy going on and because I was just dreadfully curious. (And, honestly, if the only way I had to do it involved locking the supervisor out of her account, I might well ask my boss for permission to do that.)

    3. Cthulhu's Librarian*

      So very, very true.

      If I had said “strange” in these circumstances, an accurate translation might have been something along the lines of “Now that I’ve gone through my processing to move from gobsmacked to gibbering in a dark server closet to Fixing The Issue, I’ve looped in at least my boss. We’re discussing whether to loop in finance/audit/internal controls.”

      1. Keymaster of Gozer (she/her)*

        Yeah, in my lexicon it would be ‘I’m not flagging this up to internal audit/HR just yet, but I’ve made a note of it and I WILL be watching now’

        1. Berkeleyfarm*


          I don’t have internal audit at my place but I am part of the security team and would let my coworkers know. That person would be on a “watch list”. We also might go pull the ticket for the account creation.

    4. Dragon_Dreamer*

      This. I agree with you. The supervisor was hoping to intercept at least some of OP’s emails, either for stalker reasons, or to make OP look bad. She’s on IT’s radar, and isn’t coming off it for a LONG time.

    5. Where’s the Orchestra?*

      I’m agreeing that she probably has some other oddness going on – but until/unless we hear something more concerning I’m going with bright, neon yellow flags of warning and hoping that IT keeps a closer watch on what she’s up to for a while.

      Agreeing that she probably will sink herself eventually. Most likely through being caught by someone not willing to accept the playing dumb or gaslighting attempts in explanation for “what she was up to.”

  13. Bookworm*

    While I’m glad IT handled it, this seems so WEIRD. Thanks for the update, OP. If you’re willing/able/have anything else to share, would love to hear if there’s anything else. ‘Cause this was a strange one and do hope nothing seriously sketchy was happening here.

  14. MisterForkbeard*

    It’s super weird. Note, I work in IT.

    The most benign situation is that when Teams was set up she typed in your name (meaning to search for you or something) or misunderstood instructions and accidentally created a Teams group under your name. I actually doubt it was meant for malicious reasons (and yes, this is why you don’t let normal users make external-facing resources like e-mail addresses and distribution without approval or monitoring from IT).

    My guess is that the above is actually what happened. You’d be really surprised at the amount of people who get mails delivered to them (like she would have been) and just… delete them and never ask why.

    1. Mimi*

      Yeah, something like this is the only harmless explanation I can come up with here, and while it’s possible, the degree to which I thought it was plausible would depend on my assessment of the supervisor’s tech skills.

      1. Loulou*

        Yeah, something like this was also my first thought. I’m also wondering if there are similar email addresses for other members of OP’s team, or just OP?

    2. theletter*

      this was my thought too – features that are intuitive to most people can be incredibly confusing to some, with weird consequences that they might not even notice.

  15. Elbe*

    Does this person have any other reports? If so, IT should check to see if emails have been set up for their names as well. I’d really love to hear how she spins “I don’t know how that could have happened” if it’s happened repeatedly.

    My main concern was if the supervisor had been sending emails from the fake email address pretending to be the LW. The LW describes it as an email group, rather than an individual address, so it’s unlikely to be the case, thankfully. But it would make a lot more sense if she had been trying to impersonate the LW rather than just receive the occasional misdirected email set to the LW.

    1. Meep*

      That was my thought too! Allison and LW were worried that the supervisor was mining info, but more likely, she is doing it to send unsavory emails (or in case she needs to send unsavory emails to get OP fired). 2018 sounds like an insurance plan.

  16. BeadsNotBees*

    At my company, we sometimes create a Microsoft Team with external users to track projects. Whenever I add someone not already a registered member of our organization via their e-mail address to a Team, that e-mail address gets registered into our Microsfot 365 admin account on the back end and I can see them as a user but can’t do anything with the profile (I have full admin permissions). I also receive all email notifications/forwards for the Team as the creator. I’m wondering if the boss was randomly trying to set something up in Teams, used the wrong e-mail address for OP and then forgot about it over the years? There could of course be another explanation, I just don’t see the jump to “identity theft” necessarily.

  17. Meep*

    I am grateful in my place of business that you can start typing the name and their email pulls up. It became complicated when my Toxic Coworker “messed up”* a (nonbinary) coworker’s last name and there were two emails for them. But otherwise, no way to worry about managers setting up weird email addresses to impersonate employees.

    *she is also my bigoted coworker so I cannot be certain it wasn’t unintentional even if she is careless too.

  18. Joyce To the World*

    It is apparently easy to use someone else’s email address. Especially on my company’s version of Outlook. Someone did this to me years ago and faked an email to our compliance department with me as the sender. Not sure what all it said but I was called down to HR multiple times and grilled. As if I was the perpetrator and not the victim. I still don’t know what all it said and they weren’t going to even tell me the outcome of their investigation. Hopefully you have it resolved now.

    1. Loulou*

      LOL, this just underlines how goofy my workplace is. I think most of my exchanges with IT involve them saying “strange!”

  19. Siege*

    OP – all systems are different, but when I dealt with an email situation at the community college I worked at, the help desk could see how many emails were in an account, and may have been able to actually see them (I don’t remember if she confirmed the only email was the welcome email or if she just assumed from the creation date and traffic in the account). That doesn’t help you now, but your boss is going to do this again to someone else, and it might be worth finding out more about the capabilities of your IT system for when that happens. I also have had my emails directly read by a sysadmin, so I kind of don’t buy that IT couldn’t see the traffic and messages.

    I don’t buy the innocuous explanation some commenters are coming up with, based on the fact that if you accidentally created an account you’d gaslight someone about how that was an accident, or at least your boss would. The surprise route only makes sense if it’s not an accident.

    1. Newbie101*

      So it may be that I don’t understand how Teams works and the manager’s ability to access this, but I’m wondering if OP’s boss was able to use the email address to SEND emails, pretending to be OP.

      Even if that’s not possible via Teams, if she set up the account, she probably has the login details and can send messages. If this is a possibility, I would be very concerned. Hopefully clear answers are forthcoming and OP has nothing to be concerned about.

      On a better note, OP, your writing is fantastic! Ask A Manager has helped so many people in innumerable ways.

  20. SEM*

    This was the approach I’d have suggested. Tell her you found out about it and ask if IT could delete it. Glad she claimed she had no idea, so action could be taken, but yes unfortunate you never found out why she did it in the first place

  21. SMH*

    I would raise this with HR and head of IT as a possible breach. How does anyone know other emails for other employees have not been set up? How do we protect against this in the future? Escalate and frame it as a major security breach and hopefully you’ll get attention quickly. IT should have a record of who requested the email not just when it was set up. Explain that you also need to see who was emailing that group to see if there are any additional risks to you and your information. What would be the goal of setting up an email with someone else’s name? Nothing good is all you can imagine and while you don’t want to give into your fears in this day and age you cannot be too careful. What was sent from that box with your name? When will that possible surface and cause further issues?

  22. nnn*

    I still want to know if the manager had similar addresses for their other employees, or if it was just LW

  23. Arcya*

    ok here’s my hypothesis about why it was set up like that: she’s a micromanager who wanted to see all emails being sent to the LW and thought the Teams thing was a sneaky way to do that. But she set it up wrong, with the wrong email. When it didn’t work like she expected she just forgot about it. Now she’s playing dumb to cover it. Not super nefarious but also not really someone I’d want as a boss.

  24. LittleMarshmallow*

    Without knowing if the March 2018 date coincides with something in the LW’s time with the company it’s hard to say, but I guess I could see this being some dumb mistake where she was trying to request like folder access for her report or a mistake was made when the employee’s email account was set up. I’ve had new hires where their set up just got so messed up that the people that set them up had to just scrap it and start over but that original set up was still hanging out there and was messed up enough they couldn’t figure out how to delete it right away. I’ve also had people get stuff messed up later when someone tried to update access to accounts. My own account was recently accidentally granted ownership access to every shared account in our group… I had to put in 3 IT tickets to get it resolved so I only had ownership of the one shared account that I did set up… well… and the mystery one from my previous location that got accidentally created in my name two years after leaving that location but no one can figure out how to delete it or change ownership… or even who is supposed to own it… so it just sits there in my access bucket. IT stuff is so messed up where I work that I guess I wouldn’t bat an eye at something like this being totally innocent.

  25. Nikki*

    I wonder if this person works at a public university. If the account is not totally nuked now they could theoretically FOIA all emails related to it because they’re part of the public record.

Comments are closed.