'Out Of Office' Replies May Cost You Dearly

By
<a href="mailto:andrew.chang@abc.com">Andrew Chang</a>
January 7, 2006, 6:56 AM ET
3 min read

Dec. 19, 2002 -- Office workers who set up their e-mail to leave an "out of office" message when they're on vacation may be setting themselves up as victims of burglary — without even knowing it.

British technology group Tif recently warned that thieves could be buying huge lists of e-mail addresses, and sending mass-mailings in the hopes of receiving auto-replies to find out who could be on vacation.

Then, after obtaining the e-mails, thieves could cross-reference them with publicly available personal information to find the vacation-goer's name, telephone number and address.

"You wouldn't go on holiday with a note pinned to your door saying who you were, how long you were away for and when you were coming back, so why would you put this in an e-mail?" said David Roberts, Tif's chief executive.

"If employees or frequent home users do not understand some of the potential consequences of using a feature intended to help relationships with colleagues and customers while away from the office or on holiday then they may become the victim of a crime," he said.

Protect Yourself

The Justice Department and the FBI said they had did not have any current investigations of such crimes underway, but FBI public affairs officer David Wray told ABCNEWS the FBI watch section "has some indication that there might be some of this activity."

Mark Rasch, vice president of cyber-security firm Solutionary said it's "common sense" that such a crime could take place in the United States — especially in the holiday season, when many people will be away from home.

But there are ways to prevent becoming a victim, Rasch said. There is some expectation with e-mail that people respond as soon as possible, he said, so not using an "out of office" auto-reply is out of the question.

Computer users can make their out of office replies as vague as possible though, he said. "Some people leave a very detailed out of office message with notes like 'I will be in the Philippines for two weeks,'" he said.

Having an address that is not associated with your name, and having an unlisted home phone number can help too, he said.

Tif's information security group also suggested users redirect enquiries to another colleague, refrain from giving out details like personal contact information or job title in such replies.

Double-Edged Sword

The "out-of-office" burglary scheme might be one of the perils of technology, but technology can provide solutions too, Rasch said. "The Lord giveth and the Lord taketh away."

Users can set up a spam filter so that their out-of-office replies go only to designated people — colleagues, for instance. Workers who will be away from home can also use the Internet to keep an eye on an empty house, he said.

Rasch says he has set up a remote motion detector camera in his house, so he can see if there's anything moving in his house when he's away.

But there's no way to absolutely guarantee you won't be a victim of burglary when you're away from home, he said. The "out-of-office" scam is no different than thieves who use travel agencies or security companies or newspaper deliveries to find out when people aren't home.

"It's just a high-tech way of doing things that can be done in a low-tech way," he said.