How can an out-of-office message pose a security risk?Let’s say you’re a manager headed to Cancun for a vacation. You write an out-of-office message that contains:
Most people don’t give this a second thought, but you could potentially be putting the College at serious risk. In the wrong hands, this information can open the door to phishing attacks and financial fraud.
By making this information public, you are unwittingly giving a hacker everything they need to complete a Business Email Compromise (BEC) scam. In BEC attacks, the scammer commits fraud by posing as a senior employee and will attempt to trick an employee into fulfilling a fraudulent request, such as transferring money or accessing confidential data.
Using a slightly modified email address that mirrors yours, a scammer can impersonate you and address your colleague by name. If you provided details about your vacation or conference, they might even mention how great the trip is going to make the request more convincing.
This kind of cyberattack makes up a large part of the cybercrime industry. According to the FBI, American companies have lost $12 billion to BEC attacks. The good news is there are ways to protect yourself and your office.
Whether you’re taking a personal or business trip, or taking time off for another reason, always remember that information contained in your out-of-office message could be used maliciously.
Remember: When it comes to out-of-office message best practices, less is more.
To Whom It May Concern:
Thank you for your correspondence. I am currently away from my computer and may be delayed in my response.
If there is an emergency, please email [email protected], and someone will contact you as soon as possible.
Regards,
Robert
Learn more on how to set up out-of-office replies based on internal/external recipients: Outlook on the web, Windows Outlook Desktop Client, or Mac Outlook Desktop Client.
