How to set cyber-safe out of office replies | Outlook 2016

How to set cyber-safe out of office replies | Outlook 2016


As we approach the winter break and you plan to leave the business to spend time with your loved ones. Before you say farewell to both your internal and external contacts we thought it'd be useful to share with you the unknown truth of out-of-office replies. More specifically how much of a risk they pose to your business if you do not form the right message.

What's an out-of-office message?

Microsofts email client, Outlook allows you to create a message that will be automatically sent to people who email you while you're away from the office.

You can use this feature to let people know you might be slower to reply than normal and to tell them who to contact in your absence.

The problem with out-of-office messages

Although out-of-office messages are certainly useful, they sometimes contain information that can be used by criminals. For instance:

  • If you're a freelancer, it's a fair bet that you work from home. So if your out-of-office message boasts that you're on holiday in Australia, criminals might deduce that your house is an easy target for burglary.
  • If your message includes a colleague's name, email or phone number, cyber-criminals can use these details in a spear phishing attack. They can email your colleague with a convincing-sounding message, to trick them into providing sensitive company data.
  • If you've created an out-of-office reply that lets people know you're away for two weeks, criminals may try to impersonate you online, knowing that you're less likely to notice someone else using your identity.

However, these scenarios don't mean you should stop using out-of-office messages entirely. Just take some precautions.

How to write a safe out-of-office message? 2:11

Being selective about the information you include in your out-of-office messages is the best way to minimise the security risk:

  • Say you're 'unable to respond to emails at the moment', instead of providing detailed information about your holiday.
  • Don't promise to reply by a certain date or say when you'll be back.
  • If possible, avoid providing a specific colleague's details. Instead, include a generic email address (like
  • If you feel you must offer a colleague's details, only provide one name. Don't give scammers a whole list of targets.
  • Consider setting two messages, if your email service allows this – one to be sent to colleagues, one (containing fewer details) to be sent to external contacts.

Always ask yourself: Am I giving away too much information?

If you have any questions relating to Outlook or even email security, feel free to get in touch on 01527 570 535, alternatively, you can email us on

One of our consultants will be happy to take your inquiry and assist you further.