|
A survey by of 576 office workers has found that women far more likely to give away their passwords to total strangers than their male counterparts. Some 45% of women versus 10% of men were prepared to give away their password, to strangers masquerading as market researchers with the lure of a chocolate bar as an incentive for filling in the survey. The survey was actually part of a social engineering exercise to raise awareness about information security.
This year’s survey results, conducted by Inforsecurity Europe, were significantly better than previous years. In 2007 64% of people were prepared to give away their passwords for a chocolate bar, this year it had dropped to just 21. The researchers also asked the office workers for their dates of birth to validate that they had carried out the survey here the workers were very naïve with 61% revealing their date of birth. Another slightly worrying fact discovered by researchers is that over half of people questioned use the same password for everything (e.g. work, banking, web, etc.)
“Our researchers also asked for workers names and telephone numbers so that they could be entered into a draw to go to Paris, with this incentive 60% of men and 62% of women gave us their contact information," said Claire Sellick, event director of Infosecurity Europe. “But promise of a trip could cost you dear, as once a criminal has your date of birth, name and phone number they are well on the way to carrying out more sophisticated social engineering attacks on you, such as pretending to be from your bank or phone company and extracting more valuable information that can be used in ID theft or fraud.”
Workers were also questioned about their use of passwords at work. Half said that they knew their colleagues passwords and when asked if they would give their passwords to someone who phoned and said they were from the IT department, 58% said they would. Researchers also asked workers if they thought other people in their company knew their CEO's password. 35% them thought that someone else did with Personal Assistants and IT staff being the most likely suspects.
After the survey was completed, each worker was told real nature of the exercise. At this one man told one of our researcher “you look so well dressed and honest I did not think you could be a criminal”, which was a sentiment echoed by many others.
“This is precisely the problem,” said Ms Sellick. “Whether a criminal approaches you on the street or online, they will often not be who they appear to be, a criminal can often look very presentable.”
|
