Password Collection through Social Engineering: An Analysis of a Simulated Attack.

This study demonstrates that consumers, healthcare workers and corporate America are still very much vulnerable to simple social engineering attacks, even with current levels of security training. Through a simulation of what a real social engineer might try to do (with a few safeguards to protect participants) security levels were tested in the business district of a large downtown financial center, a hospital, and a university campus. Through the simulation attack, researchers were able to get useful demographic and tactical information from the majority of the victims. In addition, 73% of respondents shared a password with the researchers. Those with recent security awareness training were just as likely as those without to share their passwords with strangers. Results, implications and future directions are discussed [ABSTRACT FROM AUTHOR]