People are getting wiser about their passwords, but not necessarily about their personal information, according to a survey conducted in Europe.
The survey, conducted by conference group Infosecurity Europe, found that only 21 percent of the nearly 600 people queried outside Liverpool Street Station in London gave up their password when offered an incentive -- in this case, a chocolate bar -- down from 64 percent last year. Yet, of the people who declined to give their password, six in ten later identified the type of information -- such as date of birth, pet's name, or anniversary date -- used to create their password.
The researchers were also able to convince people to part with some personal information in exchange for a fictional drawing to win a trip to Paris. Seven out of every ten people gave up their name and e-mail address or a phone number, while six out of every ten people parted with their date of birth, according to a summary of the survey.
"This research shows that its pretty simple for a perpetrator to gain access to information that is restricted by having a chat around the coffee machine, getting a temporary job as a PA or pretending to be from the IT department," Claire Sellick, event director for Infosecurity Europe said in a statement. "This type of social engineering technique is often used by hackers targeting a specific organization with valuable data or assets such as a government department or a bank."
In 2004, a similar study found that 61 percent of people were willing to give up their password to pollsters.
While socially engineering workers in front of a train station underscores the point that there are multiple ways to breach corporate security, a more significant threat comes from targeted Trojan horse programs that convince their targets to run malicious software and then steal passwords and account information. Other threats use compromised legitimate sites or ad networks to deliver malicious code to potential victims.
In the latest survey, the dramatic increase in the percentage of people who protect their password information from casual questioning appears to indicate that workers are becoming more savvy about computer security. However, women appear to be more trusting with password information than men, giving up their secret code 45 percent of the time, compared with only 10 percent of the time for men. The result may indicate that computer-security training of female office workers is behind that of their male counterparts.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos