
Auto-Reply Basics

By Vigilize | Tuesday, March 2, 2010

Graphic by Jacki Hadaway

Technology. It’s here and people are not afraid to use it. They want to take full advantage of its possibilities. No stone left unturned so to speak. This includes an e-mail system’s Auto-reply feature. When we are out of the office, we don’t want our clients or other business associates to sit and wonder why we are not responding to their e-mails. We want them to be aware that, for the time being, we are out of the office and will get back with them when we return.

But almost every new technology introduces us to new vulnerabilities. E-mail is no exception. Beware that “black hat” attackers wreaking havoc with phishing attacks will not go away after multi-factor authentication is fully implemented. These attackers will use anything they can to gather information that can be used against an individual or business, and implement what is called an orchestrated attack. By combining seemingly innocent requests for information and other information gathering methods, these criminals can compromise a financial institution’s system. This includes information given out with a user’s Auto-reply feature.

Thus the purpose of this article: Be careful! When using your e-mail’s auto-reply feature, you need to be selective in what you divulge. Many attackers send out a rash of e-mails, just waiting for a recipient’s auto-reply to kick back a response. From there, these crafty individuals will use what information they get to plan a phishing attack or perform pretext calling, gleaning information that can be used against you in the process. Any bit of information they get can be used in the larger picture of identity theft or masquerading.

In addition, spam attacks can gain momentum with auto-reply messages. Attackers use the messages to enter an endless loop of auto-replies replying to auto-replies. This, in the long run, can result in a denial of service, loading mail servers with users’ auto-reply messages. In addition, they can be used to send viruses or worms to innocent victims.

The easiest way to mitigate risk with a particular technology is simply to cease using it. From a policy perspective, consider discouraging or even prohibiting the use of the auto-reply feature altogether. But if you must use your e-mail system’s auto-reply feature, here are a few tips to keep things under control and to be a little safer:

  • DO keep messages simple. State that you are out of the office, but don’t state your reason for being gone.
  • DO get permission before divulging an alternate contact’s information.
  • DO be careful about what you state about your job title (the higher up the ladder, the more attackers attempt to gather and use information).
  • DON’T be specific about the dates you will be away from the office.
  • DON’T divulge an associate’s e-mail address (this is more fuel for their fire). Give a phone number of someone that can help them in your absence instead.
  • DON’T divulge personal information in your auto-reply message (home phone, cell phone, etc.).
  • DON’T set auto-reply messages for your home e-mail. (You may get a very unwanted visitor while you are gone!)

Another step you can take (see your network administrator) is to use your e-mail system’s filter settings. It’s simple to filter out e-mails that contain auto-reply words or phrases in the subject line or header. You can have these messages directed to your “trash bin” rather than having them inundate your “in” basket. This is useful for those loops that the attackers may have set up.
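A sketch of the filter described above, added here as an example and not taken from the original article or any particular mail product. It checks the standard `Auto-Submitted` header (RFC 3834) and the subject line; the phrase list, the `auto_reply` Precedence value, the folder names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed phrase list, matched only at the start of the subject (after any
# Re:/Fwd: prefixes) so ordinary mail that merely mentions "out of the
# office" is not binned.
SUBJECT_RE = re.compile(
    r"^\s*(?:(?:re|fw|fwd):\s*)*"
    r"(?:automatic reply|auto[- ]?reply|out of (?:the )?office)\b", re.I)

def auto_reply_reasons(raw):
    """Return why a raw message looks like an auto-reply ([] if it does not)."""
    msg = message_from_string(raw)
    reasons = []
    # RFC 3834: any Auto-Submitted value other than "no" marks an automatic
    # message; the value may carry parameters after a semicolon.
    auto = (msg.get("Auto-Submitted") or "").split(";")[0].strip().lower()
    if auto and auto != "no":
        reasons.append("auto-submitted=" + auto)
    # Non-standard marker some responders add (assumption; adjust the set to
    # what your own mail flow actually shows).
    prec = (msg.get("Precedence") or "").strip().lower()
    if prec in {"auto_reply"}:
        reasons.append("precedence=" + prec)
    if SUBJECT_RE.search(msg.get("Subject") or ""):
        reasons.append("subject")
    return reasons

def route(raw):
    """Folder decision: auto-replies go to Trash, everything else to Inbox."""
    return "Trash" if auto_reply_reasons(raw) else "Inbox"

# Constructed sample messages (not real traffic).
SAMPLES = {
    "header": ("From: a@example.com\nSubject: Re: Quarterly numbers\n"
               "Auto-Submitted: auto-replied; note=constructed\n\nI am away.\n"),
    "subject": ("From: b@example.com\nSubject: Out of Office: Re: hello\n\n"
                "I am out of the office.\n"),
    "normal": ("From: c@example.com\nSubject: Lunch out of the office on Friday?\n"
               "Auto-Submitted: no\n\nAnyone interested?\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, route(raw), auto_reply_reasons(raw))
```

The same header test is what breaks loops on the sending side: a responder that declines to answer any message whose `Auto-Submitted` value is not `no` never replies to another auto-reply.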

The bottom line is: be careful when using your system’s auto-reply feature. You never know who will be the recipient! And as always, if your company allows auto-reply, be sure to increase user awareness about the vulnerabilities.


 
