IRS Workers Fall for Simulated Password Scam
Posted on Aug 3, 2007
According to a recent internal audit, 60 percent of IRS employees fell for the oldest trick in the book, allowing auditors posing as help-desk employees access to their digital identities, and by extension your personal and private information.
On the plus side, the report says the agency’s computers have never been violated, despite frequent attempts.
Brace yourself for another fine example of the tech-savviness of federal bureaucrats (and yes, this sentence is dripping with sarcasm).
According to a report released Friday (PDF) by the Treasury Department’s inspector general, 60 percent of a sampling of 102 Internal Revenue Service employees, when contacted by government auditors posing as help-desk employees, were perfectly willing to reveal their usernames and change their passwords to ones suggested by the callers.
The auditors said they were particularly alarmed by this year’s findings against the backdrop of a similar test in 2004, when only 35 percent fell for the trick. In 2001, 71 percent succumbed to the requests, which led the IRS to take “corrective actions” designed to raise awareness about social-engineering attempts and password protection requirements.