Are your Out of Office emails leaving you vulnerable?
We all use them; the ritual of putting our Out of Office on before leaving the office for a break to let everyone know that your off, achieving some life goals, getting that Insta glow and you don’t want to be disturbed.
But with the rising prevalence of social engineering attacks, hackers will use people rather than machines, in order to gain access to companies and your personal details. Could something as simple as an Out of Office email potentially leave you or your company vulnerable?
Social engineering uses the weakest link to gain access to personal information. That weakest link is us; and they are good at it. They manipulate people into giving up information that they shouldn’t and all it takes a name here, or date there and they’re in. Below, I’m going to show you some examples of how Out of Office Reponses can make you vulnerable.
The scary thing about social engineering is that it can be done via email, over the phone or in person to gain access to your accounts.
Say you’re Out of Office goes like this:
“Hi, I’m currently out of the office. My emails are being forwarded to John Smith at Manager@company.com or call on 01234 XXX XXX. I will be returning on 12/12/19, Regards Luci…”
It looks like an out of office that many of us have used, but the information that people can get from this is surprising. It includes your manager’s name, email address, number and the fact that your email is live and in use and so is your manager’s as they are monitoring your emails in your absence. Not only does it leave you open to spam and phishing emails, this information gives them a foot in the door. They now have enough information to try get information about your company and you, by dropping some names in the right places. “Hi John, I tried to contact Luci in regards to a missed delivery, but I see she’s away! Would you be able to sort out one being resent?”
“Hi! I am currently out of the office on annual leave in Spain! I will be returning 12/12/19. In my absence my emails are being forwarded. Thanks…”
Again, a pretty straight forward Out of Office email. Can you spot the vulnerabilities? One you may not have thought of it that you are letting people know that you will not be physically in the office. Someone trying to gain access to your workplace could use this against you.
”Hi, Luci left something on her desk for me to collect while she’s in Spain, alright for me to pop up and get it?” Would all members of staff question this?
Do you work from home? You’ve let people know that you’re not there. Hackers target businesses as they are the most likely to get a big windfall, but that doesn’t put them above going to your home.
The key thing to remember is that you don’t know who your Out of Office is going to, and as a good rule of thumb, if you wouldn’t tell a stranger, don’t put it in your Out of Office.
Tips to say secure
It’s not all bad news. Out of Office is necessary and can be crafted in a manner which is safe.
It’s nice to know that someone isn’t in the office, rather than just ignoring your emails!
- Have a policy in place; what users can and can’t have in their Out of Office
- Be vague; if you wouldn’t tell a stranger, don’t put it in your Out of Office
- Don’t include personal information such as another colleagues email or name
- If you give another contact, try to use a generic one (like admin@ or Info@)
- Use a different message for internal and external messages, one for colleagues and one for clients
Some good examples of Out of Office Replies:
“Hi, I am currently unable to respond to emails, if your request is urgent, please contact firstname.lastname@example.org).”
“Hello, thank you for you correspondence. I am away from my computer and may be delayed in my response. If urgent please contact email@example.com).”
“Hi, I am currently out of the office and will reply to your email in due course.”
Using these Out of Office reply’s will help keep people informed and your company secure.
If you would like more information on how to keep your accounts secure, why not give our experienced team a call on 0345 450 7876.