Current Insight Community Cases

Essential Datacenter Tips On Application Performance Monitoring

The Importance Of Skilled Immigrants To The American Economy

Help A New Kind of Music Label Revolutionize The Industry

Mandates To Buy American Should Be More Carefully Considered

Navigating The New Business World After This Recession

Shut Us Up

-- For Only $100 Million

Brought to you by Floor64 and the Techdirt crew.

stories filed under: "social engineering"
Studies

Studies

by Mike Masnick

Thu, Jul 3rd 2008 2:15am


Filed Under:
information gathering, security, social engineering



Social Engineering 101: Focus On Informal Conversations

from the just-don't-promise-to-protect-the-info dept

In the past, we've covered plenty of stories about social engineering to get people to admit stuff they shouldn't -- suggesting you really just need to ask people to give up personal info and they will (sometimes giving them a gift helps, but just asking alone will often do the trick). The latest study does go a little deeper, however, suggesting that the more informal the setting, the more likely people are to cough up info. For example, it found that when those asked for confidential information were promised that it wouldn't be misused they were less likely to hand over the info. Instead, if there were no promises about what would be done with the info at all, people felt that it was more informal and were more willing to give up the info. Another experiment asked people to reveal "bad" activities to a website. In one test, the website was made to look like a university website, and in another an informal site with the title "How BAD are U??" Not surprisingly, the latter got a lot more people to cough up the details of bad behavior. In that case, I'd even wonder if the "competitive" nature of the question (suggesting that you should want to be "badder" than others) also helped contribute to the openness of individuals.

7 Comments | Leave a Comment..

 
Studies

Studies

by Mike Masnick

Wed, Apr 16th 2008 2:52pm


Filed Under:
chocolate, passwords, security, social engineering



Chocolate No Longer As Effective In Separating Men From Their Passwords?

from the fun-with-statistics,-headlines-and-chocolate dept

There are a bunch of headlines today about the fact that people will give up their passwords in exchange for some chocolate, but most of the reports seem to be missing the point. Similar studies have been conducted for years. Four years ago, we saw an almost identical study. Other studies have shown that people will give up their passwords for a ballpoint pen or chance to win theater tickets. None of this really proves very much. The "chocolate" hook is really just for generating headlines. After all, a similar study showed that people would give up private data if you just ask nicely. Chocolate may have nothing to do with it.

In reality, though, the interesting part of this chocolate story is the fact that the number of people who give up their password for chocolate is way down this year compared to the same study last year. Last year 64% gave up their password, whereas this year only 21% did. That's a huge difference, and should make you question the methodology. It certainly sounds like the results could depend very much on how persuasive the questioner is. Hire someone who's a good social engineer, and the numbers go up. For the same reason, I wouldn't give very much credence to the other headline coming out of this study that women are more likely than men to hand over their passwords. Again, without testing it under identical circumstances, it's tough to determine that for sure. A good social engineer will be able to get passwords out of plenty of people, whether using chocolate, a ballpoint pen or just plain sweet talk.

25 Comments | Leave a Comment..

 
(Mis)Uses of Technology

(Mis)Uses of Technology

by Mike Masnick

Fri, Aug 3rd 2007 5:02pm


Filed Under:
security, social engineering

Companies:
irs



Study Finds IRS Very Susceptible To Social Engineering

from the change-this-password-now dept

The IRS has had problems modernizing their computer system in the past, but no matter how modern your computer system is, security is weak if your employees are easily duped through social engineering techniques. A new study found that 60% of the employees they tested were willing to hand over sensitive info to a person calling and posing as IRS tech support. This type of social engineering happens all the time, but it seems especially worrisome that so many IRS employees would be so willingly giving out info when they have access to so much confidential info and should be especially aware of the threat. In fact, the report notes that similar tests were done in 2001 and 2004 and the IRS promised to put in place measures to prevent these types of tricks from working. Apparently, that hasn't really happened.

14 Comments | Leave a Comment..

 
Search Techdirt
And now, a word from our Sponsors..
San Francisco Music Tech 2009
15% off discount for Techdirt Readers



Popular Posts
Poll

Which Internet Concern Worries You The Most?

 

 

 

 

 

 


Add Techdirt RSS To Your Reader
rss Add Techdirt to your Bloglines
Add Techdirt to your Google Add Techdirt to your My Yahoo
Add Techdirt to your Netvibes Add Techdirt to your Newsgator
Subscribe to Techdirt's Daily Email Newsletter

Techdirt's Daily Email Newsletter

Older Stuff

Monday

3:49pm: Heads Of Major Movies Studios Claiming They Just Want To Help Poor Indie Films Harmed By Piracy (47)
2:38pm: USPTO Convinced By Amazon That Online Gift Giving Patent Is Legit (19)
1:31pm: Tiburon Approves Recording Every Car That Enters/Leaves... Despite More Evidence Of Traffic Camera Abuse In UK (82)
12:18pm: Label Exec Arrested For Not Using Twitter To Disperse Crowd At Mall To See Singer (53)
11:01am: Spanish Court Dismisses Complaint From Nintendo Against Counterfiet DS Cartridges, Since They Add Functionality (12)
9:55am: Dear PR People: If Your Exec Has A Comment, Our Comments Are Open (25)
8:44am: What Kind Of Mickey Mouse (And Donald Duck) Lawsuits Are These? (23)
7:30am: Prosecutors Ending Lawsuit Against Lori Drew (13)
6:06am: Dear Rupert: You Don't Succeed By Making Life More Difficult For Users (70)
4:20am: ESPN Writer Suspended From Twitter (59)
2:10am: School Can't Handle Critical Community Message Board; Sends Legal Nastygram (21)

Friday

7:39pm: Liberian Laws Are A Secret Due To Copyright; Even The Gov't Doesn't Have Them (43)
6:56pm: Lily Allen: It's Ok To Sell My Counterfeit CDs, Just Don't Give My Music For Free (97)
6:10pm: EFF Looks To Bust Bogus Podcasting Patent; Needs Prior Art (34)
5:28pm: Google Blocking Set Top Boxes From Showing YouTube Unless They Pay Up? (64)
4:44pm: Entertainment Industry: Yes, Please Keep Negotiating Secret Copyright Treaty To Save Our Asses (43)
4:02pm: If Google's Book Scanning Violates Copyright Law, What About The AP's Book Scanning? (21)
3:05pm: iPhone App Developer Backlash Growing (49)
2:14pm: Norwegian Band Told It Can't Post Its Own Music To The Pirate Bay, Even Though It Wants To (24)
1:08pm: If You Only Share A Tiny Bit Of A File Via BitTorrent, Is It Still Copyright Infringement? (79)
12:00pm: UK Digital Economy Bill As Bad As Expected; Digital Britain Minister Flat Out Lies About ISP Support (25)
10:57am: NPR's Daniel Schorr Blames The Internet For Ft. Hood Shootings (37)
9:49am: No, ACTA Secrecy Is Not 'Normal' -- Nor Is It A 'Distraction' (29)
8:33am: Murdoch's The Times Accused Of Blatant Copying, Just As It Tells The World You Should Pay For News (28)
7:15am: Copyright Extension Moves To Japan (24)
5:46am: Canadian Ebook Store Offers 'Free' Public Domain Ebooks -- Claims Copyright Says You Can Only Make 1 Copy (27)
4:01am: There Are Lots Of Ways To Fund Journalism (14)
1:49am: Winner Takes All, Long Tails And The Fractilization Of Culture (10)

Thursday

10:37pm: The Lobbyists' Ability To Control The Message (29)
8:11pm: In Going Free, London Evening Standard Doubles Circulation While Slashing Costs (27)
More arrow
Quick Links
Close
E-mail It