Proudly supported by

Australian Government logo
Telstra logo
CBA logo


Resources Hub / Protect your business / How your out of office email can be used in cyber attacks

How your out of office email can be used in cyber attacks



Switching on your out-of-office email can be a rewarding, final task before heading on holidays. The only catch? Cyber criminals might try to use it against you.

According to a new research report released by Cyber Wardens, Risky Business, details included in out of office messages can be used against small businesses in cyber attacks. 

Out of office emails can be like putting up a sign that says, “Hey, I’m not here right now,” particularly when you paint a picture of your travel plans.  Online criminals can use this information to scam the business by impersonating the owner or employee on leave.

The report interviewed 2,000 small business owners and employees and it found 1 in 10 owners had observed personal details added to out of office emails.

Case Study: Holiday Impersonation Scam

In early 2023, the owner of an Australian family-run business took a well-earned international holiday. Excited to be on leave, and to remind people they’d be out of contact their out of office message contained travel dates and details of the places they were looking forward to be visiting.

Using the information in the email, the cyber criminal devised a targeted impersonation attack pretending to be the CEO stuck in a specific travel location with a compelling story of having had their accounts locked overseas.

Team members started receiving emails like, “Could the accountant please transfer money to a local account?”

Thankfully, the business had a well-established process to double verify large transactions and was able to identify the scam at the last minute.


An out-of-office email template

If you’re stuck on what to include (or not include) in your out of office message, we’ve drafted an easy template for you to use:

Thank you for your email. I am currently away from my computer and may be delayed in my response. For urgent matters, please contact our team at [general team email] or call the office at [office phone number].

Best regards,


More cyber safe habits from the research

The Risky Business research report highlighted some of the most common cyber security pitfalls that could expose small businesses to potential threats, data breaches and financial losses.

The findings aim to raise awareness and empower small business owners to enhance their cyber resilience by building simple cyber-safe habits into their daily business lives.

The positive news is that small business owners and team members can build good everyday habits that increase their cyber safety and decrease the chances a cyber criminal can break into their business.

Your business’ cyber security is only as strong as the good habits each team member practises so we’ve made the report easy to read and encourage you to share with your colleagues.

Learn how to protect your small business from cyber attacks

If you want to take the findings from our research and put it into action, enrol as a Cyber Warden today.

A trained Cyber Warden can spot scams, knows how to boost your small business security in easy and practical ways and advocates for your team’s cyber safety.

With Cyber Wardens, you can keep your digital floors clean and free of cyber criminals fishing.

Learn easy and simple cyber security tips for your small business

More helpful resources for you and your business

It happened to me!

Have you got a Cyber attack story to share? Your story can help other small businesses protect themselves.

It happened to me!

Have you got a Cyber attack story to share? Your story can help other small businesses protect themselves.