Do they hire morons off the street to work at the IRS? Sure looks like it…
According to a report released Friday (PDF) by the Treasury Department’s inspector general, 60 percent of a sampling of 102 Internal Revenue Service employees, when contacted by government auditors posing as help-desk employees, were perfectly willing to reveal their usernames and change their passwords to ones suggested by the callers.
The auditors said they were particularly alarmed by this year’s findings against the backdrop of a similar test in 2004, when only 35 percent fell for the trick. In 2001, 71 percent succumbed to the requests, which led the IRS to take “corrective actions” designed to raise awareness about social-engineering attempts and password protection requirements.
Saw it on SANS NewsBites first.