Switching on your out-of-office email can be a rewarding, final task before heading on holidays. The only catch? Cyber criminals might try to use it against you.
According to a new research report released by Cyber Wardens, Risky Business, details included in out of office messages can be used against small businesses in cyber attacks.
Out of office emails can be like putting up a sign that says, “Hey, I’m not here right now,” particularly when you paint a picture of your travel plans. Online criminals can use this information to scam the business by impersonating the owner or employee on leave.
The report interviewed 2,000 small business owners and employees and it found 1 in 10 owners had observed personal details added to out of office emails.
Case Study: Holiday Impersonation Scam
In early 2023, the owner of an Australian family-run business took a well-earned international holiday. Excited to be on leave, and to remind people they’d be out of contact their out of office message contained travel dates and details of the places they were looking forward to be visiting.
Using the information in the email, the cyber criminal devised a targeted impersonation attack pretending to be the CEO stuck in a specific travel location with a compelling story of having had their accounts locked overseas.
Team members started receiving emails like, “Could the accountant please transfer money to a local account?”
Thankfully, the business had a well-established process to double verify large transactions and was able to identify the scam at the last minute.
PRO TIPS
- Avoid personal details
- Don't share your travel destination
- Avoid listing your exact length of holiday
- Consider creating different out-of-office replies based on whether the message is going to someone inside or outside your company
- Consider using a general email address to refer customers to, instead of towards specific employees.
An out-of-office email template
If you’re stuck on what to include (or not include) in your out of office message, we’ve drafted an easy template for you to use:
Thank you for your email. I am currently away from my computer and may be delayed in my response. For urgent matters, please contact our team at [general team email] or call the office at [office phone number].
Best regards,
Sarah
More cyber safe habits from the research
The Risky Business research report highlighted some of the most common cyber security pitfalls that could expose small businesses to potential threats, data breaches and financial losses.
The findings aim to raise awareness and empower small business owners to enhance their cyber resilience by building simple cyber-safe habits into their daily business lives.
The positive news is that small business owners and team members can build good everyday habits that increase their cyber safety and decrease the chances a cyber criminal can break into their business.
Your business’ cyber security is only as strong as the good habits each team member practises so we’ve made the report easy to read and encourage you to share with your colleagues.
With Cyber Wardens, you can keep your digital floors clean and free of cyber criminals fishing.