I checked my personal email account and found I had 3 out-of-office replies from people who obviously belonged to the same organization. However, I had never emailed any of them.
At first I thought they were some kind of a malware emails, but they were text only and contained no links. So I just left them in my email box and wondered about them every time I saw them. Then I figured it out.
During the long holiday season, I submitted a comment to a blog, and evidently that blog notifies these people about any comments. Since all 3 of those people happened to be out of the office (OOO) on the day I submitted the comment, I received an OOO reply from each of them. At first this annoyed me, but then I realized I received some great information on these folks:
- They’re were of the office, and I know when they’ll be back.
- One of them was vacationing overseas. That means their home in Ohio was probably empty, and I could rob them blind. Or just sell the info on a thiefer’s website.
- Their internal email addresses, work addresses, and phone numbers, including cell numbers.
- Who they defer to when they out of the office, because each of them said in their OOO reply, “if emergency, contact X”. Can you spell “social engineering”?
- Internal email addresses, work addresses, and phone numbers, including cell numbers of their emergency contacts.
- Info on people that are associated with this blog. It sure makes tracking down who writes for the blog a lot easier. They didn’t hid it very well, did they?
Granted, receiving this info when you’re inside the organization is not a big deal, but I am not an insider. I’m just a smuck who wandered across the Internet and submitted a blog comment. But now I have insider knowledge. I should have been a spammer.