Out-of-Office Notifications Used by Hackers in Reconnaissance Missions

Trend Micro experts reveal that the information can be used in spear phishing attacks

November 20th, 2012 12:10 GMT

Out-of-office notifications are utilized in most corporate environments to make sure that those who send us emails while we’re on vacation or in the field don’t think we’re ignoring them, or to let them know who to contact in case of an emergency.

However, few users realize that these out-of-office notifications are actually a valuable resource for cybercriminals planning a targeted attack.

It’s well known that a clever social engineer is capable of taking even insignificant pieces of information and turning them to his advantage.

The explanation of why the account owner is out of office, the email signature, the estimated time of his/her return, and alternative contact details don’t seem like much. However, Trend Micro experts highlight the fact that hackers can successfully use the information for spear phishing.

Attackers know that during the upcoming holidays many workers will be out of office, so they might try to gather the information contained in multiple out-of-office notifications.

This is especially easy since in many cases the targeted email addresses can be found via a simple Google search. Also, if the target’s name is known, cybercriminals can rely on the fact that corporate email addresses tend to follow the firstname_lastname@companyname.com format.

On the bright side, as long as IT administrators are aware of this threat, it’s not a difficult task to mitigate it.

Email servers and even email clients offer users the ability to control out-of-office notifications to make sure that valuable information doesn’t end up in the wrong hands.

For instance, for emails that come from within the company, the responses can contain more details, but for ones coming from outside, the information should be limited.

For an even higher level of security, administrators can blacklist/whitelist certain domains, or they can ban some user categories from sending out-of-office notifications to external domains altogether.
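The controls described above can be expressed as one decision routine. The following Python sketch is an added illustration, not code from Trend Micro or any mail product; the policy fields, group names, domains and message texts are all constructed, and it assumes the server classifies a message by its envelope sender, the address an auto-reply is delivered to.

```python
from dataclasses import dataclass, field
from email.utils import parseaddr

@dataclass
class OooPolicy:  # hypothetical policy object, names are assumptions
    internal_domains: set                               # the company's own domains
    allow_domains: set = field(default_factory=set)     # whitelist; empty = any external
    deny_domains: set = field(default_factory=set)      # blacklist; never answered
    no_external_groups: set = field(default_factory=set)  # categories barred externally

def sender_domain(envelope_sender):
    """Lower-cased domain of the sender, or '' for null/malformed senders."""
    addr = parseaddr(envelope_sender)[1]
    local, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at and local else ""

def choose_reply(envelope_sender, user_groups, policy, internal_text, external_text):
    """Return the auto-reply body to send, or None to stay silent."""
    domain = sender_domain(envelope_sender)
    if not domain or domain in policy.deny_domains:
        return None                      # bounces, junk, blacklisted domains
    if domain in policy.internal_domains:
        return internal_text             # colleagues get the detailed version
    if set(user_groups) & policy.no_external_groups:
        return None                      # this user category never replies outside
    if policy.allow_domains and domain not in policy.allow_domains:
        return None                      # whitelist in force, sender not on it
    return external_text                 # outsiders get the minimal version

# Constructed sample data for the demonstration below.
POLICY = OooPolicy(
    internal_domains={"example.com"},
    allow_domains={"partner.example"},
    deny_domains={"bulkmail.example"},
    no_external_groups={"executives"},
)
INTERNAL_TEXT = "On leave until the 26th. For the Q4 audit contact J. Doe, ext. 4411."
EXTERNAL_TEXT = "I am currently unavailable. Please contact our main office."

if __name__ == "__main__":
    for sender, groups in [("alice@example.com", ["staff"]),
                           ("bob@partner.example", ["staff"]),
                           ("bob@partner.example", ["executives"]),
                           ("eve@unknown.example", ["staff"])]:
        print(sender, groups, "->",
              choose_reply(sender, groups, POLICY, INTERNAL_TEXT, EXTERNAL_TEXT))
```

The order of the checks matters: the blacklist is evaluated first so it can never be bypassed, and the external text deliberately omits the reason for absence, return date and alternate contact that the detailed internal reply carries.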
