What Your Out Of Office Message Tells Hackers
It’s time for a vacation or your going on a business trip and your super excited, naturally our out of office message may reveal some of this excitement to hackers. People don’t naturally think about how cybercriminals would benefit from the details of your Out Of Office Message (OOO). But this attack vector is a great social engineering opportunity.
What Can Hackers Learn From Your OOO Message?
If the company is being targeted an OOO message will raise a flag for the cyber criminal to take action to learn more about you. Many employees share information on social media publicly which can give them a painted picture to what you are doing. Many people would provide overly detailed leave notification in email signatures or add details about their time off in their OOO responses, even when they plan to return to work or the details of the conference they are attending or their vacation destination. They can even search up LinkedIn for company titles and positions which builds exactly what they need to execute an attack.
How Do They Execute The Attack?
Well unfortunately it is quite easy for them to execute this type of attack. I’ll paint out a scenario for you. Let’s say your the top guy, CEO of your exciting business. Cyber Criminals love to impersonate c-level people. Alright so… lets say your going on vacation and your OOO message says how long your going to be gone for and where your going, at some point you also post pictures on social media as well. The cyber criminal will create a fake email address and use it to pretend that it’s your personal email. For example below:
To: [email protected]
From: [email protected]Hey Accounting Name,
This is my personal email address. I am having a great time during my vacation! Just look at these pictures I have attached, they are also up on my social media. I hope that your keeping those numbers properly checked your the best accounting employee I have. I do need you to do me a favor though, my business card isn’t working here and I have potential business opportunity could you run out and purchase six $500 VISA gift cards ASAP.
Thank you,
CEO NAME
Do you see how a specific email can be crafted using information that is publicly available?
What To Do About It!
I understand an OOO message is great because it provides an automatic reply message to business acquaintances or clients however I am just saying we need to keep in mind that it also sends a bounce back to the cyber criminals that have been phishing you.
We all need to do our part and not over share. Your OOO message should just say to call the office for help or email a specific person. Keep your social media private. Create SOP’s to combat personal email and company email interactions. Just be mindful of what you share with everyone.
Discover more from Patrick Domingues
Subscribe to get the latest posts sent to your email.