Your posting is BOTH disturbing & confusing--'disturbing' since you mention it's a MNC & 'confusing' since it's within their purview & capability to verify the veracity of the complaint/claim of identity misuse.
In such cases, CCTVs are NOT what need to be checked. The System Admin guy comes into the picture to check out the usage of the ID INCLUDING the location, time-tagging & other such details of the mails in-question. Every e-mail has a long tracking mechanism--which IS NOT visible to us users--from where the Sys Admin guy or the Cyber Crime cops figure-out the details.
Coming to 'what next', suggest inform the current employer to check out with the System Admin guy. If they aren't keen to do so, suggest file a Police Complaint [in Cyber Crimes Cell] WITH all the facts of the case. They will do the necessary checks of where the mail(s) came from, etc.
All the Best.
Sorry in advance for very long reply but kindly understand the complexity of problem by just reading following case-scenario with calm mind as it is matter of someone's life and career.
Whatever you have suggested I appreciate it. I already know about email-tracing, time-tagging etc. and its now very old as it is used since era of UNIX mail system by tracing hopping of mail from one system to another.
As per your suggestion usage of the ID INCLUDING the location, time-tagging & other such details of the mails etc. all had been easily available without inquiry, due to high-end cloud based monitoring system of mail system.
Even after all that exercise for tracing criminal, problem is that guy whose credential is misused had went to tea-break or lunch during that misuse time and someone had taken remote desktop and did the crime.
Unfortunately, there is no swipe mechanism from work room to cafeteria. Only Check-in time to office building and check-out time from office building is noted in the system.
So it is fact that particular guy's system is misused, but it can't be judged just by logs as that guy is away from his/her system for very long time.
As there is no restriction of minimum daily work hours completion and even no work-load during that time, that guy is away from system as other guys, so no-one is in that room when crime was committed by remote desktop.
Only some prank mail is sent from that guy's system by using ex-employers' employee's email id to higher authorities.
Both of the MNCs do not disclose what is in that mail, but both are agree that nothing much harassing or any adult, blackmailing, threat of murder etc.
But still they made this matter an issue of their pride.
As above mentioned two MNCs do not want to spoil their reputation by involving police or cyber crime cops. So they simply judged that if that guy's system is misused, then he is solely responsible.
They are not even giving 2nd chance by just warning a guy, who is also victim of misuse of his/her credentials.
It is a very heavy punishment for a guy because,
- his/her relation with ex-employer is now bitter forever,
- his/her current employer terminated him/her.
1. Most offices have a rule that you are required to lock your pc when you are not on your desk. Either your friend didnt do that, or had shared his password enabling someone to enter into the system.
2. There is no proof that it was done by remote desktop control, if that was the case, obviously he would not have been blamed. In fact, if the if remote desktop was used, sys admin would know where the mail actually went from as there would be tracking record of the same. How do lu say it was done by remote desktop ?
3. All mnc and most corporate take very serious view of any employee careless with IT resources. If you let someone access or use your IT resources you put the company's information at risk. They do not want such people in the company
I know of certain department in IBM where any unlocked laptop (they need to physically lock their laptop w a chain provided) is picked up by IT and their department head has to come and take it back with explanation for the error of leaving it unattended.
4. Every mnc has a grevience settlement mechanism. You friend should have approached the concerned person in hr. he can still approach the forum and seek help if he is really not guilty.
5. actually the Problem is that many employees make excuses saying imwas not there, someone else used it , etc. I am sure the concerned manager must have checked with their IT department to see who actually sent it.
6. Finally, ofcourse, if you think someone used your id and your are being victimised, you can always approach the cyber crimes department of the police for help.
Please tell us in what way has the company harassed the employee apart from termination ?