, The Register 2004-04-20
The British are blasé about keeping sensitive personal data confidential. More than 60 per cent of 100 people approached in the street by researchers were happy to give clues about the type of password they used (such as date of birth or family names) on online banking or ecommerce sites. Combine this with other information, obtained through various social engineering tricks, and it is fairly easy to piece together a potential victim's online identity.
Expand all |
Post comment
Surveyors would't have the possibility to check the accuracy of the information given to them, so it must have been pretty easy to just give out a password for the chocolate. The study has no way of telling what the percentage is, of people that actually lied through the survey just to get their hands on a piece of chocolate.
It has become a common practice in North America for credit card companies to offer various gifts to anyone submitting an application. Filling out the form with bogus information (fake name, address, etc.) in order to get the freebie has become equally common.
If I saw someone handing out chocolate in exchange for Hotmail passwords, I would quickly create a Hotmail account, perhaps right there on the street using a PDA and available wireless AP, and give the credentials in exchange for the chocolate.
Oh wait, you said british chocolate ? Nevermind then. It's not worth the trouble.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/8490/25876#25876