It’s that time of the year again when we take our extended leave to enjoy the Holiday Season with our family and friends.

Before leaving for the holiday, you will most likely set your Out of Office message to let your colleagues, clients and vendors know you will be away. Since you can’t or don’t want to answer your calls or respond to email, you want to ensure that people know who to contact during your absence.

You are probably thinking, what’s the harm in that?

The danger is that auto-responders reply to every email message, including messages from those who may be spammers or scammers. An Out of Office message confirms that the email address is valid, and this is valuable information to spammers.

Most people provide too much information in their Out of Office message. The information may seem innocuous when provided to colleagues, clients and friends, but that same information in the wrong hands could be useful to criminals for social engineering attacks.

Information such as who your supervisor is reveals the chain of command. An email signature (which accompanies the Out of Office message) will reveal a person’s contact information, place of employment, and job title or position. Using social engineering, someone could impersonate your supervisor and contact HR to obtain your home address, social insurance number, birth date, etc.

Also, in a typical Out of Office message, you may reveal how long you will be away and where you are going. Burglars have been known to troll social media sites looking for this kind of information. If you are at a conference in Ottawa, then you are most likely not at your Toronto home. A Google search using these pieces of information can disclose valuable information such as your home address.

In an article in the Toronto Sun this summer, after a Vaughan neighbourhood was plagued with numerous break-ins, police reminded residents not to announce travel plans via social media or voicemail.

How to Safely Use Out of Office Auto-Responders

Use a Different Out of Office Message for External Communications

Set your mail client, such as Outlook, to send different Out of Office notifications to people within your organization and to people external to your company. The message for external users should be intentionally vague.

Be Intentionally Vague

Do not include sensitive information such as your specific location and contact information. Simply indicate you are unavailable and that you will be checking your email.

Omit Your Personal Information

Omit your personal information from your email signature.
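
One way to check an external Out of Office draft against the recommendations above before enabling it. This is an added example, not part of the original article; the regex patterns, category names and both sample messages are constructed assumptions and are heuristics, not a complete policy.

```python
import re

# Heuristic patterns chosen for this example (assumptions, not a complete policy).
# Each category is one of the disclosures the article warns about.
CHECKS = {
    "phone number": re.compile(
        r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)"),
    "email address": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "chain of command": re.compile(
        r"\b(?:supervisor|manager|director|boss|reports? to)\b", re.I),
    "absence dates": re.compile(
        r"\b(?:until|till|through|returning|return|back)\b[^.\n]{0,40}?"
        r"\b(?:jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[a-z]*\.?\s+\d{1,2}\b",
        re.I),
    "location or travel": re.compile(
        r"(?i:\b(?:travell?ing|vacation(?:ing)?|conference|trip|flying)\b)"
        r"[^.\n]{0,40}?\b(?:in|to|at)\s+[A-Z][a-z]+"),
}

def lint_external_reply(message):
    """Return a list of (category, matched text) for each disclosure found."""
    findings = []
    for category, pattern in CHECKS.items():
        for match in pattern.finditer(message):
            findings.append((category, match.group(0).strip()))
    return findings

def is_safe_for_external(message):
    """True when no heuristic fires; a human should still review the text."""
    return not lint_external_reply(message)

# Constructed sample messages (not real people or contact details).
RISKY = ("I am at a conference in Ottawa until January 4. "
         "For urgent matters contact my supervisor Jane Doe at 416-555-0100.\n"
         "John Smith, Senior Analyst, Example Corp, john.smith@example.com")
VAGUE = ("I am currently unavailable and will be checking my email. "
         "I will reply as soon as I can.")

if __name__ == "__main__":
    for label, text in (("RISKY", RISKY), ("VAGUE", VAGUE)):
        print(label, "safe" if is_safe_for_external(text) else "needs editing")
        for category, matched in lint_external_reply(text):
            print(f"  {category}: {matched!r}")
```
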