This news is a few days old, but organizers for the Infosecurity Europe trade show have completed their “annual pulse-taking of people’s susceptibility to social engineering.” This year, they asked individuals for private information in return for theatre tickets:
Claire Sellick approached a woman in London’s tony theater district with a clipboard and a chance to win tickets to an upcoming show. All the woman had to do was answer a three-minute survey on locals’ theater-going habits. Or so she thought.
The woman answered questions about her name, date of birth, mother’s maiden name, name of the first school she attended and more. All of that information could easily be used to gain access to “secure” data, like a bank account. The woman wasn’t the only one though. Here’s the results of the experiment that surveyed 200 people:
- 100% provided their names upon request.
- 94% provided pet’s names (common passwords) and their mother’s maiden name (common second form of authentication) when told actors frequently use both to create stage names.
- 98% gave their address in order to receive a winning voucher.
- 96% divulged the name of their first school. Combined with mother’s maiden name, the two are key pieces of information used by banks for verification.
- 92% provided their date of birth and the same number supplied their home phone number.
Just goes to show that for all the technology in the world, humans are always the weakest link. No number of firewalls, passwords, or other security features will prevent a person from giving up valuable and sensitive information. So, be mindful about what you divulge! Your mother’s maiden name might be just as important as your bank account number!
Read: Search Security