by Jon Lober | NOC Technology
Full of good intentions, you set an out of office (OOO) message for a summer vacation or conference. You want to be transparent with your clients and employees, so you include a few details.
Thank you for your email.
At this moment, I am away at the ABC Midwest Manager’s Conference in Louisville, KY and will return July 17. If you have any urgent questions, please give me a call at 123.456.7890. If you cannot reach me, email Jim at jim@thecompany.com or call Beth at 456.789.1011. I will look forward to catching up with you upon my return.
Kind regards.
Susan Johns
COO – The Company
123.456.7890
That was very kind of you. Your clients and admiring cybercriminals genuinely appreciate all of the information that you have provided to them.
Unfortunately, thorough autoreplies can provide scammers with enough information to do some serious damage. Business email compromise (BEC) schemes often leverage strategic moments when someone is out of the office to attack. When everyone is out of their normal workflow, they are more vulnerable to unusual requests. OOO messages can provide them with key intel for precision attacks.
In addition to the basic information that someone is out of the office, they now have some idea of the authority structure in your office, who answers to who, and preferred communication methods. They also have several ways to contact you and your employees directly—allowing them to use more advanced social engineering methods to increase the likelihood of an effective spear phishing attack.
Beyond brewing a potential OOO scheme against your own company, savvy cybercriminals can also hijack your OOO message to compromise your contacts as well.
None of this means that you can never use an OOO message. However, it does means that you and your staff should evaluate whether setting an OOO message should be standard policy for your organization.
Does the benefit outweigh the risk? It very well might. If it does, and you feel that you should continue to use them, consider the following before activating it next time.
Now that we have discussed the security concerns of an OOO message, here is how you can actually set one for Gmail or Outlook.
If you did not set a time period for automatic replies (Step 4), you will need to turn them off manually. To turn off automatic replies, sign into Outlook in your browser, choose Settings > View full settings > Mail > Automatic replies and then select the “Automatic Replies” on toggle.
To set an automatic reply for contacts outside your company, select Outside My Organization > Auto-reply to people outside my organization, type in a message, and select OK.
Note: If you have a Gmail signature, it will be shown at the bottom of your vacation response.
When your vacation reply is on, you will see a banner across the top of your inbox that shows the subject of your vacation response. To turn off your vacation response, click End now.
Contact us
Existing Customers
IT Support Near Me
IT Support based in Franklin County, MO | 1816 Hwy A, Washington, MO 63090