‘Live Phishing’ Experiment Nets Consumers – Hook, Line, and Sinker

How likely are you to be wooed into a false sense of security by a friendly face or the promise of a cash prize?

A friendly, wholesome-looking team of surveyors recently set up shop in New York's Central Park on behalf of RSA Security to find out how much personal information consumers would give up while participating in a survey supposedly about tourism in the city.

The experiment was set up to feel official and safe, much as online phishing attacks try to convince customers of their legitimacy with real logos and industry terminology. In this experiment, the questions were aimed at uncovering the type of 'innocent' information – mother's maiden name, favorite sports team, date of birth – that people commonly use as passwords but do not generally think they need to protect.

The results show that most consumers freely give up personal data that can be used to guess their account passwords or to steal their identity outright. The following findings demonstrate a distinct absence of vigilance on the part of consumers:

  • More than 70% of respondents gave up their mother's maiden name.
  • More than 90% provided both their date and place of birth.
  • Nearly 55% explained how they devise their online passwords.
  • Nearly 85% provided their full name, current street address, and e-mail address.

A small number of survey takers declined to explain how they devised their passwords, calling the request "too personal." But the same people had no problem handing over their date of birth and mother's maiden name, which suggests consumers often aren't aware of "back doors" into their accounts.

© National Security Institute, Inc. – Content excerpted from NSI's SECURITYsense – a monthly information security awareness service for educating your end users. This copyrighted article is the property of the National Security Institute and may not be reproduced or redistributed in any form without license agreement. For more information on the SECURITYsense program and to view FREE samples, visit http://nsi.org/SECURITYsense2.html .

