A report released Wednesday by Infosecurity Europe revealed that not only is chocolate good bait for getting someone's password, so is an attractive appearance.The survey was conducted outside Liverpool Street Station in the City of London. Researchers asked 576 office workers various questions, and managed to get the password from 21% of them. The "prize" for completing the survey? A chocolate bar.
Interestingly, women were 4.5x as likely to give up their passwords for said chocolate bar, with 45% of them responding, while only 10% of men gave up their passwords.
Still, this was a great improvement over 2007, when Infosecurity Europe was able to get passwords from 64% of people. However, more than 50% of those surveyed used the same password everywhere. And 61% gave their date of birth when asked for it.
60% of men and 62% of women were willing to reveal their phone number when told it was to enter them into a drawing for a trip to Paris. This, as Claire Sellick, Event Director, Infosecurity Europe said in a press release, is tantamount to a major security breach.
"That promise of a trip could cost you dear, as once a criminal has your date of birth, name and phone number they are well on the way to carrying out more sophisticated social engineering attacks on you, such as pretending to be from your bank or phone company and extracting more valuable information that can be used in ID theft or fraud."Further, the press release seemed to indicate that the more professional the survey takers appeared, the more likely information would be revealed.
After the survey was completed, each worker was told 'We do not really want your personal information this is part of an exercise to raise awareness about information security as part of Information Security Awareness Week which runs from the 21-25 April 2008. We will tabulate results to find out how good people are at securing their information.' At this one man told one of our pretty researchers you look so well dressed and honest I did not think you could be a criminal, which was a sentiment echoed by many others.Infosecurity Europe is actually an event, held during the aforementioned Information Security Awareness Week. This year it runs from 4/22 to 4/24 at the Grand Hall, Olympia, London.
Claire Sellick continued "This is precisely the problem, whether a criminal approaches you on the street or online, they will often not be who they appear to be, a criminal can often look very presentable. Many of the social engineering techniques used by face-to-face fraudsters have been adopted by criminals to encourage people to open spam emails or visit websites that are infected with viruses, trojans or malware collectively known as crimeware."
Oh, and stay away from that chocolate.
0 comments:
Post a Comment