Attackers rely on us to overshare online and give them enough insight to gain access into our lives and networks. Fear shouldn’t stop us from enjoying social media or sending emails. However, we should increase our email security awareness and equip ourselves with the right solutions and technologies.
Whether it’s what we share on social media or send via email, our online habits and activities may be putting our personal information and company data at risk. Attackers rely on us to overshare and give them enough insight to gain access into our lives and networks. They hope we put down our guards and reveal too much about ourselves and our companies, giving them enough to impersonate us or execute phishing attacks.
Research shows that email is the #1 threat vector for social engineering, with 88% of people receiving a suspicious email in the past year. After email, the leading path by which cybercriminals gain access is social media. That’s why we should be cautious about what we reveal on social media and email communications, especially our automated out-of-office (OOO) or vacation replies.
Best Practices for Automated OOO Email Replies
Your OOO message may seem straightforward and, therefore, harmless; it tells the reader the dates you’ll be out of the office. It may also include who to contact instead while you’re away. If your vacation reply is set to respond to everyone who emails you while you’re on vacation, spammers are receiving your OOO email too, along with all its details.
In the hands of a fraudster, this information can be used to infiltrate your networks through phishing scams and brand impersonation. And depending on how much you share in your OOO, the insight can be used for other illegal activities such as a home burglary. Mentioning you’ll be on vacation tells the reader that your home may be empty. Including your return date tells them how long your house will be left unattended. Therefore, crafting an OOO reply that doesn’t reveal too much is critical. Here are some tips:
- Create two versions of your OOO: one for internal emails and one for outside your organization
- Don’t mention you are on vacation; say you are away from your computer or currently unavailable
- Set up a forwarding email or direct them to an emergency contact that doesn’t reveal the chain of command
- Don’t mention your destination
- Don’t disclose the length of your travel to recipients outside your company
Avoiding Social Media Overexposure
Whether it’s posting on your personal social media or a company page, oversharing can endanger your family, colleagues, clients, company’s intellectual property, and brand reputation. Unintentionally, you may be leaking insider information, exposing methodologies, and revealing clients who prefer to stay anonymous. Cybercriminals analyze everything from the backgrounds on your photos to the voice and tone of your captions. Posts you share publicly can help them discover your work habits, company schedules, and co-employees names.
In an article published in Penn Today titled The dangers of sharing personal information on social media, Joseph Turow, a communications professor, says hackers “use these details to hack social media accounts, guess security questions on financial sites, and send customized ‘spear phishing’ messages designed to fool you into forking over sensitive information.”
Fear shouldn’t stop us from enjoying social media. However, we should recognize what is at risk each time we post about our lives or jobs. According to research by Tessian, only 54% of people admit paying attention to the sender’s email address, while a little under half reported checking the legitimacy of attachments and links. So if we must share our lives and jobs on social media, we should increase our email security awareness and equip ourselves with the right solutions and technologies.
For a robust email security solution with a high operationalization level that will protect you in 2021 and beyond, contact us.
Author: Rui Serra
With degrees in Computer Engineering and Marketing, Rui started his career managing training documentation for IT Training and consulting firms. He then joined Nokia Siemens Networks as a Documentation Specialist and Project Scrum Master before joining AnubisNetworks in 2009, where he has advanced from managing documentation to Product Manager for the growing Product Portfolio.