A cyber security product company has advised users of corporate email accounts not to set an ‘Out of Office’ auto reply while away, because cyber criminals will most likely pursue over the holiday season. Mark Guntrip, Director of Product Marketing at Proofpoint said that part of enjoying your time off is having an automated assistant to let people know you’re away, so they don’t think you’re ignoring them.
“The problem with a detailed out-of-office reply is that bad actors learn you’re away and/or offline. They can then potentially attempt to compromise your account, knowing the exact amount of time they have to impersonate or otherwise spoof your identity before you return to the office. Targets include anyone external-facing in close proximity to sensitive data, or who can influence operations (accounting, HR, executives, etc.)”
“Once inside your account, there is almost no limit to the amount of damage cybercriminals can do in your name because employees consider you a trusted source. They can send malware, solicit personal information from coworkers (W2s), or even request funds be directed improperly/invoices be paid to fake entities. For example, if you’re the CEO or CFO, an email may be sent to accounts payable purportedly coming from you saying “I’m about to get on a plane…please transfer [dollar amount] to entity X.”
“If it’s not critical, do not activate an out-of-office reply. Instead send an email to all appropriate contacts letting them know you will be offline / out of town. Be sure to include a directive that you must verbally confirm any requests for financial wiring, payments, or sensitive data during your vacation.”
“If posting an out-of-office reply is critical to your position, customise the external message to be extremely vague for anyone outside of your organisation. For example, “thank you for your email, I will reply in short order.”
For more advice visit the Proofpoint website.
