It’s the holiday season, and that’s when we often make it easier for attackers to do their business. For example, consider the out-of-office replies that we attach to messages. This time of year, it’s typical for people to take time off between Christmas and the New Year. Those out-of-office messages often contain key information about how long the person will be out of the office, where they might be going, information about their office location, or their assistants and co-workers that attackers may and can use to perform social engineering attacks against the organization.
Of course, out-of-office messages aren’t the only way attackers can get social information about your organization. The best attackers already know about you and your organization from LinkedIn, already know about holiday trips and plans from Instagram and Facebook, and won’t care if you are in the office because they plan to attack you quietly. They may, in fact, attack your organization during a busy time as the events in the logs will be buried with all the other normal traffic.