IRS Employees Fall For Hackers

linuxwrangler writes "Treasury department auditors recently posed as network technicians and attempted to get IRS employees to reveal their usernames and passwords and/or change the password to one suggested by the "technician". The result: over one-third shared their passwords. If there is any good news in the story it is that the 35% figure represents a substantial reduction from the 71% who fell for the ruse in 2001."

Social Engineering is the biggest problem

[suso]

Just like I always say. Social Engineering is the biggest security problem nowadays. Maybe this time it showed a decrease in the people who fell for the attack, but I bet that if the Auditors increased the sophistication of their ruse, that they would actually increase the amount who fell for it.

Re:Social Engineering is the biggest problem

[LewsTherinKinslayer]

Social Engineering has always been the biggest problem. There is no such thing as perfect security when too many people are in the know, or have some sort of access.

No matter how good an encryption system is, its obviously going to fail if the person breaking in has the right information.

Re:Social Engineering is the biggest problem

[suso]

Right, but it also *seems* (I have no fact to back up this claim) that social engineering is the least worried about security vulnerability.

I was however pleasantly surprised recently when going to a gas station, paying at the pump, the receipt didn't print out and when I went inside the cashier actually asked me for the last name on the card instead of just handing me the receipt. I almost offered him a job.

I would be happy..

[KenFury]

While not perfect results, a 50% decrease in the number of users giving away their password is a victory. Hopefully in a few years it will be down to 10%.