London (UK) – Getting someone’s computer passwords could be as simple as dangling a tasty chocolate bar in front of their faces. Infosecurity Europe reps, posing as market researchers, asked several hundred office workers for their passwords, date of birth and other sensitive information at a busy London train station. Astonishingly, 45% of the women gave their passwords while only 10% of men did the same.
576 office workers in total were polled by the fake researchers in a bid to raise awareness about information security. Infosecurity Europe hired attractive “researchers” to hand out surveys at the train station. Those that completed the survey received a chocolate candy bar. Seems like a decent deal to me!
The same group performed a similar survey in previous years and the results seem to be improving. Back in 2007, 64% of those polled gave up their passwords but only 21% this year did so. However 61% still gave up their dates of birth and over half of those questioned admitted that they use the same password for all their accounts. Perhaps even more disturbing is that more than half of the workers said they knew of their colleagues’ passwords and that more than one-third knew of or knew how to obtain their CEO’s password.
At least one guy seemed to have his wits about him and told the researchers, “I work for a government department, I would never give my password to anyone else, it could cost me my job.”
Infosecurity Europe contends that simple social engineering attacks like this one could easily obtain passwords and other information. Furthermore if people are willing to divulge secrets to a complete stranger for a candy bar, the group says an insider or a temp could cause even more damage.
BTW – While we used a Hershey chocolate bar in the picture, we hope that a higher quality bar was offered to those surveyed.