Byte of Prevention Blog

by Jay Reeves |

Auto-Reply Can Mean Auto-Trouble

Pin on Pinterest Share on Google+ Share on LinkedIn

Auto-Reply Can Mean Auto-TroubleYou’re headed off for a well-deserved vacation. All your cases are covered. All loose ends are tied up.

You start to turn off your computer – but before you do, you remember to leave an out-of-office auto-reply email message.

Smart move, right? Maybe not.

Cyber-security experts urge caution when using email auto-reply. They say it gives hackers and scammers too much personal information – and it might even open doors for them to sneak in while you’re gone.

Why Hackers Love Auto-Reply

Consider the following sample email auto-reply message:

Thank you for your contacting me. Please be advised that I will be out of the office from March 3 through March 7, attending a cyber-security conference in Concord. I will not be checking my email during this time. If this is an urgent matter, feel free to contact my assistant, Joe Wrighthand, directly at 919-354-6438 or jwrighthand@goodlaw.com.

Just by reading your auto-reply, bad guys will acquire a lot of personal information about you and your whereabouts. For instance, they now know:

  • You are not in the office.
  • You are not even in town – you are in Concord.
  • You will be gone through March 7.
  • Your assistant is Joe Wrighthand.
  • Your assistant has at least some authority to conduct business in your absence.
  • Your assistant has a direct phone line and a separate email address.

Imagine the nefarious ways a naughty person might use this information.

The most important information spammers receive from an auto-reply is proof of an active and functioning email account. Once they have this in hand, you become a target for future spam and phishing schemes. Your email address might be shared or sold on the black market.

“The best practice is to avoid using the out-of-office auto-reply at all,” advises Andy O’Donnell at Net Security. “Skip the auto-reply, call your important customers and family and let them know how to reach you. If you feel you must use an auto-reply, be extremely vague in your language. State that you will be unavailable, which will provide uncertainty as to whether you are out of town or just in a long (local) meeting. Remove your signature block and avoid providing any personally identifying information.”

Ways to Avoid Trouble

There are two principal dangers in auto-reply messaging: (1) you have no control over who sees the message, and (2) you have no control over what they do with its contents.

Here are some ways to side-step the danger:

  1. Come up with an office policy. Make sure everyone is on the same page. “Prepare and implement a security policy or user agreement, so users know the company policies with regard to protecting information,” says Professional Liability Matters. “The policy should note what information can be divulged in an out-of-office notification.”
  2. Report suspicious behavior. Alert everyone in the office to potential holes in the system.
  3. Don’t drop names unnecessarily. A thief who knows not only your name but also the name of your trusted assistant – and perhaps the name of the city, hotel and conference you are attending – can cause mischief.
  4. Less is more. Be vague in your out-of-office message. Very vague. Leave the details for direct communications.
  5. Use different messages. “If possible, utilize one message for internal responses and another for e-mails from out-of-office contacts,” advises one expert.
  6. Block potential spam. Ask your IT manager to configure your account so it either blocks messages from Internet addresses or does not reply to them.
  7. Reply only to trusted sources. Configure your account so that it only sends an auto-reply to specified clients, members of a user group or those who are on your contact list.
  8. Remove your email signature from the auto-response. This seemingly harmless detail is packed with information that can be used by scammers.

And finally, make sure those who are in the office know how to reach you if red flags pop up while you are away. This assures immediate, direct action to deal with problems before they explode.

Jay Reeves a/k/a The Risk Man is an attorney licensed in North Carolina and South Carolina. Formerly he was Legal Editor at Lawyers Weekly and Risk Manager at Lawyers Mutual. Contact jay@lawyersmutualnc.com, phone 919-619-2441.

Sources:

 

About the Author

Jay Reeves

Jay Reeves practiced law in North Carolina and South Carolina. He was Legal Editor at Lawyers Weekly and Risk Manager at Lawyers Mutual. He is the author of The Most Powerful Attorney in the World, a collection of short stories from a law life well-lived, which as the seasons pass becomes less about law and liability and more about loss, love, longing, laughter and life's lasting luminescence.

Read More by Jay >

Related Posts

LM Portal Access your LM Portal for policy information and forms.
Need Insurance? See the difference service can make.
Payment Due? Make an online payment now.
Lawyers Mutual NC Logo

Get In Touch

Lawyers Mutual Insurance Company
1001 Winstead Drive, Suite 285

Cary, NC 27513

919.677.8900
 | 
1.800.662.8843

Fax: 919.677.9641

Latest Alerts

The Corporate Transparency Act: What North Carolina Law Firms Need to Know

Lawyers Mutual has published previous alerts regarding the new filing requirements under the Corporate Transparency Act (“CTA”) that went into effect January 1, 2024. After reviewing additional resources, we want to emphasize concerns that we have about the risks and increased potential liability for lawyers undertaking the reporting requirements. This is especially true for the continuing reporting requirements after entity formation and initial reporting.  

Learn More

eCourts Expansion Announced for 2024

The North Carolina Administrative Office of the Courts (NCAOC) recently announced additional go-live plans for counties transitioning from paper files to Enterprise Justice (Odyssey), which currently serves Harnett, Johnston, Lee, Mecklenburg and Wake counties. Twelve northeastern counties comprising Track 3, as previously announced, will go live on February 5, and 10 counties comprising Track 4 (Alamance, Chatham, Durham, Franklin, Granville, Guilford, Orange, Person, Vance and Warren) will go live on April 29.   

Learn More