[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] No One at Home
[I should also point out all these "out of the office" messages are
ideal for the social engineer. Then calling the help desk as your
"assistant" looking for a password reset, to get that Powerpoint file
for the budget, otherwise we might all be out there looking for a new
job, and collecting unemployment. :) - WK]
By Andrew Chang
Dec. 19 - Office workers who set up their e-mail to leave an "out of
office" message when they're on vacation may be setting themselves up
as victims of burglary - without even knowing it.
British technology group Tif recently warned that thieves could be
buying huge lists of e-mail addresses, and sending mass-mailings in
the hopes of receiving auto-replies to find out who could be on
Then, after obtaining the e-mails, thieves could cross-reference them
with publicly available personal information to find the
vacation-goer's name, telephone number and address.
"You wouldn't go on holiday with a note pinned to your door saying who
you were, how long you were away for and when you were coming back, so
why would you put this in an e-mail?" said David Roberts, Tif's chief
"If employees or frequent home users do not understand some of the
potential consequences of using a feature intended to help
relationships with colleagues and customers while away from the office
or on holiday then they may become the victim of a crime," he said.
The Justice Department and the FBI said they had did not have any
current investigations of such crimes underway, but FBI public affairs
officer David Wray told ABCNEWS the FBI watch section "has some
indication that there might be some of this activity."
Mark Rasche, vice president of cyber-security firm Solutionary said
it's "common sense" that such a crime could take place in the United
States - especially in the holiday season, when many people will be
away from home.
But there are ways to prevent becoming a victim, Rasche said. There is
some expectation with e-mail that people respond as soon as possible,
he said, so not using an "out of office" auto-reply is out of the
Computer users can make their out of office replies as vague as
possible though, he said. "Some people leave a very detailed out of
office message with notes like 'I will be in the Philippines for two
weeks,'" he said.
Having an address that is not associated with your name, and having an
unlisted home phone number can help too, he said.
Tif's information security group also suggested users redirect
enquiries to another colleague, refrain from giving out details like
personal contact information or job title in such replies.
The "out-of-office" burglary scheme might be one of the perils of
technology, but technology can provide solutions too, Rasche said.
"The Lord giveth and the Lord taketh away."
Users can set up a spam filter so that their out-of-office replies go
only to designated people - colleagues, for instance. Workers who will
be away from home can also use the Internet to keep an eye on an empty
house, he said.
Rasche says he has set up a remote motion detector camera in his
house, so he can see if there's anything moving in his house when he's
But there's no way to absolutely guarantee you won't be a victim of
burglary when you're away from home, he said. The "out-of-office" scam
is no different than thieves who use travel agencies or security
companies or newspaper deliveries to find out when people aren't home.
"It's just a high-tech way of doing things that can be done in a
low-tech way," he said.
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@xxxxxxxxxxxxx with 'unsubscribe isn'
in the BODY of the mail.