|
|
|
|
|
|
by neontomo
789 days ago
|
|
|
I have a few ideas. Sometimes when you reset an email account password it will tell you a part of the recovery email if there is one. This could be a clue. Send an email to one of the emails used by the perpetrator while in a meeting and see if any of your staff reacts. If you have access to the routers, compare device names of people logged on while the emails are sent out (if they’re sending in the building). Are any of your staff using protonmail as their main email provider? Search slack for any discussion or snippets with proton emails. Does downloading the parent email list cause a log to trigger? While in a meeting speak as normal and then when you mention something that is slightly gossipy, observe whose eyes widen or body language changes. Simply speak to your staff and determine whether they are happy in their positions. This is good practice anyway. Don’t be obvious. |
|
|
It appears that the individual is using their phone to log into the company email, so there's no trail coming from the school routers or email account.
I hadn't thought about trying to trigger the reset notifications. I'll look into that.
We have a few people in mind, but with no actual proof the school is afraid of taking steps due to litigation based on "unfounded accusations".