WANT TO WORM YOUR way into a woman’s email inbox? It’s easy, just buy her a bar of chocolate and the password’s all yours. Or so claim security analysts Infosecurity Europe, who polled 576 office workers outside Liverpool Street Station in London, as part of their Information Security Awareness week which starts on the 21st April.
According to the survey, 45 per cent of women were quite happy to give strangers, posing as market researchers, their email password, in return for a chocolate bar, as opposed to only 10 per cent of men. Hmmm…Wonder what the results would have been if they’d offered beer?
The unsuspecting workers were asked to fill out a survey which was actually nothing more than a cover for social engineering research to prove that gullible (and snack crazed) people would give out all kinds of information for chocolaty treats.
Despite the fact that many people still fell for the trick, Infosecurity reckons that on the whole, people did a lot better than last year, when they performed the same sort of test. In 2007 a whopping 64 per cent of people were prepared to give away their passwords for a chocolate bar, but this year only 21 per cent succumbed to the temptation. Maybe this year’s crowd are dieting.
61 per cent of people weren’t in the least bit shy about revealing their date of birth to researchers, nor were they hesitant about revealing personal details about their colleagues, including their names and phone numbers, for a chance to enter a prize draw where they could win a trip to Paris. Lots of chocolate in Paris, so no surprise that 60 per cent of men and 62 per cent of women said “oui”, to that one.
Infosecurity’s Boffins also discovered that more than half of people used the same password for everything, and that 43 per cent of people rarely changed them. 58 per cent even admitted that they’d freely give out their passwords to anyone who called them saying they were from their office’s IT department, and half claimed to know passwords belonging to their colleagues.
Claire Sellick, Event Director for Infosecurity Europe said that the promise of a trip could cost people dearly, because “once a criminal has your date of birth, name and phone number they are well on the way to carrying out more sophisticated social engineering attacks on you, such as pretending to be from your bank or phone company and extracting more valuable information that can be used in ID theft or fraud.”
When people were eventually told that the survey they had just filled in had actually been part of a security awareness test, most were surprised, with some claiming that because the researchers looked so well dressed and honest, they seemed trustworthy and not in the least bit criminal.
So criminals take note; dress well, smile, and most importantly, stock up on the Snickers bars, and we’re like putty in your hands. µ
It's time for our regular two-step through the Google news
Bug bounty offer: accepted