‘Live Phishing’ Experiment Nets Consumers – Hook, Line, and Sinker
How likely are you to be wooed into a false sense of security by a friendly face or the promise of a cash prize?
A friendly, wholesome-looking team of surveyors recently set up shop in New York’s Central Park on behalf of RSA Security to find out how much personal information consumers would give up while participating in a survey supposedly about tourism in the city.
The experiment was set up to feel official and safe, much as online phishing attacks try to convince customers of their legitimacy with real logos and industry terminology. In this experiment, the questions were aimed at uncovering the type of 'innocent' information – mother’s maiden name, favorite sports team, date of birth – that people commonly use as passwords but do not generally think they need to protect.
The results show that most consumers freely give up personal data that can be used to guess their account passwords or to steal their identity outright. The following findings demonstrate a distinct absence of vigilance on the part of consumers:
- More than 70% of respondents gave up their mother's maiden name.
- More than 90% provided both their date and place of birth.
- Nearly 55% explained how they devise their online passwords.
- Nearly 85% provided their full name, current street address, and e-mail address.
A small number of survey takers declined to explain how they devised their passwords, calling the request “too personal.” But the same people had no problem handing over their date of birth and mother’s maiden name, which suggests consumers often aren’t aware of “back doors” into their accounts.
© National Security Institute, Inc. – Content excerpted from NSI’s SECURITYsense—a monthly information security awareness service for educating your end users. This copyrighted article is the property of the National Security Institute and may not be reproduced or redistributed in any form without license agreement. For more information on the SECURITYsense program and to view FREE samples, visit http://nsi.org/SECURITYsense2.html.