[Infowarrior] - Security is No Match for Chocolate and Good Looking Women

Richard Forno rforno at infowarrior.org
Wed Apr 16 20:12:27 UTC 2008 

Security is No Match for Chocolate and Good Looking Women

Posted by Ben Worthen

People are too trusting, especially when there¹s chocolate on the line.

http://blogs.wsj.com/biztech/2008/04/16/security-is-no-match-for-chocolate-a
nd-good-looking-women/?mod=WSJBlog


A survey out today by the organizers of the tech-security conference
Infosecurity Europe found that 21% of 576 London office workers stopped on
the street were willing to share their computer passwords with a good
looking woman holding a clipboard. People were offered a chocolate bar in
exchange for the information. More than half of the people surveyed said
they used the same password for everything.

As depressing as the survey may be for the security pros whose job it is to
keep corporate networks safe, the results are a substantial improvement over
last year. That was when 64% of people were willing to give away their
passwords. But there were other disturbing signs this year: 61% of workers
surveyed shared their birthdates and a similar number ­ 60% of men and 62%
of women ­ shared their names and telephone numbers.

This doesn¹t sound particularly damaging, but cyber criminals could use this
information to craft so-called phishing emails that install malicious
computer code when opened or try to convince people to cough up more
damaging information like a bank account number.

It¹s easy to dismiss this kind of threat as more imagined than real, but
consider that this week, around 20,000 corporate executives received
phishing emails that purported to be a subpoena. The emails seemed authentic
because they addressed the execs by name and included their phone numbers,
the Washington Post reports. By clicking on the link in the email and
following the directions supposedly required to view the subpoena, the
executives installed software on their computers that can steal usernames
and passwords. So far, the scam has netted around 2,000 victims, according
to the Post.
Permalink

More information about the Infowarrior mailing list