Two-thirds of workers fall for password honeytrap

17 Apr 2007

Comments: 7

The majority of UK office workers will hand over their computer passwords in exchange for "a bar of chocolate and a smile", according to a new study from the organisers of the annual Infosec show.

The survey of 300 office workers and IT professionals, carried out at London stations and an IT trade show, found that 64 percent of those approached could be tricked into handing over their password in return for a flirtatious conversation and a free bar of chocolate.

The researchers used social engineering techniques to gain the information, initially asking the delegates if they knew what the most common password was and asking them what their password was. At this stage 40 percent of commuters and 22 percent of IT professionals told the interviewer their password.

If respondents initially refused to hand over their password, the researcher then asked if it was based on the name of a child, pet or football team and began guessing possible passwords. At this point a further 42 percent of IT professionals and 22 percent of commuters divulged their password.

"What is most surprising is that even when the IT professionals became slightly wary about revealing their passwords, they were put at their ease by a smile and a bit of smooth talk," said Sam Jeffers, event manager for Infosecurity Europe 2007. "It just goes to show that we still have a long way to go in educating people about security policies and procedures as the person trying to steal data from a company is just as likely to be an attractive young woman acting as a honey trap as a hacker using technology to find a way into a corporate network."

Reader comments

Not so fast, cynic

Who's to say that the passwords revealed were correct? Perhaps a large percentage were smart enough to cough up a fake password in order to obtain a free chocolate bar ... Was it dark chocolate or milk chocolate? :-)

Posted by: David  18 Apr 2007

...

Maybe the passwords they gave are already false...

Posted by: kasho  18 Apr 2007

silly researchers

Peter Toye, 17 Apr 2007 has it right, fake password = free candy, what silly researchers ;-)

Posted by: Tony Tobin  18 Apr 2007

Re: An alternative view

Or that the researchers didn't realize that IT workers are more than willing to make up a fake password for a bar of chocolate.

Posted by: Yakko Warner  18 Apr 2007

Seriously?

So in total, 64% of IT workers and 62% of regular people gave out their passwords. How is that even possible? IT workers are MORE uninformed?

Posted by: Telanis  18 Apr 2007

how did they know they were legit passwords?

Hmm.. give a cute girl a fake password to keep her talking to me? No brainer.

What's the stupidest password I can think of on the spot that won't make her suspicious that I'm lying.. um.. um... "password" :)

Duh.

Posted by: patbob  18 Apr 2007

An alternative view

Another way of looking at it is that one-third of workers are too stupid to give a false password for a bar of free chocolate.

Posted by: Peter Toye  17 Apr 2007
