The present invention relates to the field of email security and, more particularly, to enabling context aware enhancement for automatic electronic mail reply to mitigate risk.
Out-of-office reply messages in email applications allow a user to specify a message that is sent automatically in reply to incoming email when the user is unable to respond. For example, a user attending a conference in a different state from the office they work in can enable an out-of-office reply for incoming emails received during their attendance. Typically the user specifies the dates of their absence, contact information in case of emergency, and co-workers and reporting chain. Current systems rely on the user to set the recipient list correctly, listing everyone who may see this information and everyone who may not. This creates an opportunity for error, and sensitive information may be disclosed to people who should not receive it, especially those who are not employees.
In particular, out-of-office notification systems can be exploited by attackers interested in “spear phishing”, since the replies give them access to relevant information about the organization as well as contextual information. For example, an attacker can send an email to a random employee's address (e.g., obtained from a company website) to trigger an out-of-office reply (e.g., “Joe is out on vacation and Sally is covering for him”), which can be used to gather sensitive information. This kind of information can then be used in social engineering to gain unauthorized access to company data and/or resources.
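The risk in both paragraphs above is that a notice written for a trusted recipient list is sent to whoever triggers it, and that correctness depends on the user maintaining that list. The following Python is an added example, not part of the patent text and not any product's code: it selects the auto-reply from the sender's context instead of from a user-maintained list, returning the full notice only to senders in the organisation's own domain, a minimal reply to external senders, and no reply at all when the sender address cannot be parsed. The organisation domain `example.com`, the `OutOfOffice` fields, the `SAMPLE_NOTICE` values and the sample `From:` headers are all constructed for illustration.

```python
import email.utils
from dataclasses import dataclass
from typing import Optional

# Hypothetical organisation domains (constructed for this example).
INTERNAL_DOMAINS = ("example.com",)


@dataclass(frozen=True)
class OutOfOffice:
    """Fields a user typically puts in an out-of-office notice."""
    owner: str
    return_date: str
    backup_contact: str
    emergency_phone: str


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From: header value,
    or "" when no address can be parsed. parseaddr() ignores the display name,
    so a spoofed name such as "ceo@example.com" <mallory@evil.test> yields
    evil.test, not example.com."""
    _, addr = email.utils.parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def classify_sender(from_header: str) -> str:
    """Classify the sender as internal, external or unknown (unparseable)."""
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    for d in INTERNAL_DOMAINS:
        # Exact match or a subdomain of an internal domain counts as internal.
        if domain == d or domain.endswith("." + d):
            return "internal"
    return "external"


def build_reply(notice: OutOfOffice, from_header: str) -> Optional[str]:
    """Choose the auto-reply body from the sender's context.

    Internal senders get the full notice. External senders get a minimal reply
    that discloses no absence window, colleague names or contact details, so a
    probe from an unknown address learns nothing beyond that the mailbox is
    attended. Unparseable senders get no reply at all (None)."""
    audience = classify_sender(from_header)
    if audience == "internal":
        return (f"{notice.owner} is out of the office until {notice.return_date}. "
                f"{notice.backup_contact} is covering; for emergencies call "
                f"{notice.emergency_phone}.")
    if audience == "external":
        return f"Thank you for your message. {notice.owner} will respond when available."
    return None


# Constructed sample notice (names, date and phone number are made up).
SAMPLE_NOTICE = OutOfOffice("Joe", "2 March", "Sally", "+1 555 0100")

if __name__ == "__main__":
    for hdr in ("Alice <alice@example.com>",
                '"joe@example.com" <probe@attacker.test>',
                "not-an-address"):
        print(f"{hdr!r:45} -> {build_reply(SAMPLE_NOTICE, hdr)!r}")
```

The classification deliberately uses only the parsed address, never the display name, because the display name is attacker-controlled free text; a notice that keys on anything else in the message (subject, body, claimed signature) re-introduces the user-judgement problem the page describes. Deployments should also treat the `From:` domain check as a minimum and combine it with the mail server's authentication results where available.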