Information Security News mailing list archives

No One at Home


From: InfoSec News <isn () c4i org>
Date: Fri, 20 Dec 2002 04:13:12 -0600 (CST)

http://abcnews.go.com/sections/scitech/DailyNews/burglary021219.html

[I should also point out all these "out of the office" messages are
ideal for the social engineer. Then calling the help desk as your
"assistant" looking for a password reset, to get that Powerpoint file
for the budget, otherwise we might all be out there looking for a new
job, and collecting unemployment. :)  - WK]


By Andrew Chang
abcnews.com

Dec. 19 - Office workers who set up their e-mail to leave an "out of 
office" message when they're on vacation may be setting themselves up 
as victims of burglary - without even knowing it.

British technology group Tif recently warned that thieves could be 
buying huge lists of e-mail addresses, and sending mass-mailings in 
the hopes of receiving auto-replies to find out who could be on 
vacation.

Then, after obtaining the e-mails, thieves could cross-reference them 
with publicly available personal information to find the 
vacation-goer's name, telephone number and address.

"You wouldn't go on holiday with a note pinned to your door saying who 
you were, how long you were away for and when you were coming back, so 
why would you put this in an e-mail?" said David Roberts, Tif's chief 
executive.

"If employees or frequent home users do not understand some of the 
potential consequences of using a feature intended to help 
relationships with colleagues and customers while away from the office 
or on holiday then they may become the victim of a crime," he said. 

Protect Yourself

The Justice Department and the FBI said they did not have any 
current investigations of such crimes underway, but FBI public affairs 
officer David Wray told ABCNEWS the FBI watch section "has some 
indication that there might be some of this activity."

Mark Rasche, vice president of cyber-security firm Solutionary, said 
it's "common sense" that such a crime could take place in the United 
States - especially in the holiday season, when many people will be 
away from home.

But there are ways to prevent becoming a victim, Rasche said. There is 
some expectation with e-mail that people respond as soon as possible, 
he said, so not using an "out of office" auto-reply is out of the 
question.

Computer users can make their out of office replies as vague as 
possible though, he said. "Some people leave a very detailed out of 
office message with notes like 'I will be in the Philippines for two 
weeks,'" he said.

Having an address that is not associated with your name, and having an 
unlisted home phone number can help too, he said.

Tif's information security group also suggested users redirect 
enquiries to another colleague and refrain from giving out details like 
personal contact information or job title in such replies. 

Double-Edged Sword

The "out-of-office" burglary scheme might be one of the perils of 
technology, but technology can provide solutions too, Rasche said. 
"The Lord giveth and the Lord taketh away."

Users can set up a spam filter so that their out-of-office replies go 
only to designated people - colleagues, for instance. Workers who will 
be away from home can also use the Internet to keep an eye on an empty 
house, he said.

Rasche says he has set up a remote motion detector camera in his 
house, so he can see if there's anything moving in his house when he's 
away.

But there's no way to absolutely guarantee you won't be a victim of 
burglary when you're away from home, he said. The "out-of-office" scam 
is no different than thieves who use travel agencies or security 
companies or newspaper deliveries to find out when people aren't home. 

"It's just a high-tech way of doing things that can be done in a 
low-tech way," he said. 



-
ISN is currently hosted by Attrition.org
