Stop Using Out-Of-Office Auto-Reply Messages

Stop Using Out-Of-Office Auto-Reply Messages — You Risk Social Engineering Attacks

Key Points From The Article:

• Many professionals use automatic out-of-office email replies to tell co-workers and clients about their absence from the office.
• While the approach appears to be responsible, it opens loopholes for attackers to execute social engineering attacks.
• There are alternatives you can take instead of using out-of-office auto-replies.

Most professionals use out-of-office auto-reply emails to tell co-workers and clients about their absence from the office. For the most part, the reply includes different contact information and other potentially sensitive information.

For many, setting up out-of-office replies is a responsible act.

However, it isn’t a necessary feature to use. Instead, it can pose a major security risk because it reveals huge amounts of sensitive data to anyone who happens to email you when you’re away.

Hear From Our
Happy Clients

Read Our Reviews

Scammers and Criminals Can Use Out-Of-Office Replies For Social Engineering Attacks

While the information on your out-of-office reply might be helpful to some, it exposes a wealth of potentially sensitive data to any person emailing you, including scammers. Typically, an out-of-office reply will disclose the following:

• Where you’ve left the office for
• The time frame you won’t be available
• The alternative contact to reach out to
• Your alternative contact
• Place of employment
• Job title
• Line of work
• Chain command

When such information lands in the hands of hackers or criminals, they can use it to launch social engineering attacks.

For instance, when a criminal or hacker knows you’re not at the office, they might talk their way into your office, saying that you’ve sent them to grab something. If the person’s story is plausible enough, a busy secretary might allow the stranger into your office.

Alternatively, the contact information may help scammers gather elements necessary for identity theft. With your email address, cell numbers, work contact, and supervisor info, a spammer, has enough to steal your identity.

The Risk of Impersonation

At the signature of out-of-office replies, you’ll provide your job title, company, and contact information. When you add “Please contact my supervisor while I’m out,” you expose your chain of command and reporting structure.

A social engineer can use the information to execute an impersonation attack. For instance, they can all the human resource department in your business pretend to be your boss. They can try to get your information from the HR department to try to correct the company tax forms.

What Are the Safer Alternatives to Out-Of-Office Messages

Instead of exposing potentially sensitive information in out-of-office replies, you can take better alternatives. Some secure options you can take include:

Forward Your Email to Someone Else in the Office

Instead of setting up automatic out-of-office replies, you can forward important emails to a trustworthy person back into the office.

Alternatively, you can leave someone to keep an eye on your email back in the office. Identify a person you trust in the office and delegate the task to them.

Reply to The Emails When You’re Back

You’re unavailable just for a short period. Going away for a couple of days isn’t a reason enough to set up automatic out-of-office replies.  If you miss a few emails and get to them on your return, you can reply. If the email is so urgent, the sender should reach out to an executive in your team. You’re not so important that people don’t know other key people in your business that they can reach out to.

More importantly, nothing will stop if you don’t answer an email in a day or two. Unless it’s a key deal that you’re going in, ensure someone’s checking your email, or you’re forming your email off to someone.

Colorado Computer Support Will Help with All Your Business IT Services

While many professionals might find out-of-office replies necessary, there are plenty of reasons to avoid them, which include:

• Security threats
• They’re unnecessary
• Irrelevance for your company

You’re better off with alternatives that fit your company. We can assist you if your business needs IT help to improve productivity and efficiency. Contact us today for a collaborative partner in strategic IT across Colorado.