Automatically generated out-of-office messages, like the kind created by Microsoft Outlook, are continually seen as potential security risks.
But what are the risks?
You may think it seems silly that a simple message informing someone that you are not in the office to respond to their message can pose a security risk, but these risks are very real for many organizations.
We have detailed the top 3 reasons why these handy, helpful messages can be bad for you:
1) Physical absence: For small office or home office environments, an out-of-office message can easily alert someone to the fact that you may not be physically present at your location. Paranoia? Possibly, but letting people know that your premises may not be staffed is not necessarily the wisest thing to do in these trying and crime-filled times. Larger businesses might not need to be as concerned about this particular issue unless their existing security does not sufficiently cater for unknown entities walking around the workplace. A very real threat is that people who know you are away, and for how long, can plan to take advantage of the fact that your desk, workstation and files will be unattended for a set period.
2) Social engineering: Out-of-office messages with too much detail can give an outsider enough information to perform a “social engineering” attack, i.e. to penetrate the security of your organization by working through your co-workers and exploiting their human nature, using the information you provide in your out-of-office message to more easily convince them that the outsider and their requests are legitimate.
3) Dictionary attacks: If a spammer tries to use dictionary attacks (randomly-generated e-mail names) on an organization, an out-of-office reply is proof that a given address is good, and a spammer could add that to a list of known-valid addresses for future spamming runs.