{"id":641,"date":"2005-03-17T00:00:00","date_gmt":"2005-03-17T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2005\/03\/17\/over-a-third-of-irs-workers-hacked-by-auditors-using-social-engineering\/"},"modified":"2021-12-30T11:37:51","modified_gmt":"2021-12-30T11:37:51","slug":"over-a-third-of-irs-workers-hacked-by-auditors-using-social-engineering","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=641","title":{"rendered":"Over A Third Of IRS Workers “Hacked” By Auditors Using Social Engineering"},"content":{"rendered":"

More than a third of workers and managers at the IRS failed a simple anti-hacker test, the Treasury Department’s Inspector General said Wednesday.<\/p>\n","protected":false},"excerpt":{"rendered":"

Inspectors posing as technicians from the agency’s help desk called 100 IRS employees and managers and said that a network problem required them to provide their network log-in usernames. The bogus techs also asked the users to change their passwords to one they suggested. 35% of the IRS workers took the bait.<\/p>\n

“With an employee’s user account name and password, a hacker could gain access to that employee’s access privileges,” the report said. “Even more significant, a disgruntled employee could use the same social engineering tactics and obtain another employee’s username and password.”<\/p>\n

The same phishing-style scam was run by auditors in 2001, when 71 percent of the workers cooperated and changed their passwords.<\/p>\n

http:\/\/www.techweb.com\/wire\/security\/159901562<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-641","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/641","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=641"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/641\/revisions"}],"predecessor-version":[{"id":3128,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/641\/revisions\/3128"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=641"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=641"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=641"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}