Pass/Fail – IRS Password Training Fails

Information Week passed on some disturbing information about the IRS earlier this week. According to the IRS Inspector General, approximately 60% of all IRS employees failed a social engineering security test.

Employees, including managers and contractors, were called by someone pretending to be technical support who told them an issue with the computers could be solved by changing their password to one recommended by the caller. Of 102 people contacted, 61% did what the caller asked.

These are people with access to taxpayers’ sensitive information blindly giving away the farm–well, maybe just the network, but you get my meaning. This type of call is basically the verbal equivalent of those phishing emails we all get purporting to be from eBay or PayPal. IRS employees could have been handing over access to 14-year-old hackers for all the attention they paid.

The IRS has indicated they will be beefing up security training for all employees; only 8 of the 102 people called reported the call to their administrator to verify proper procedure.

Now if only the IRS can find some of the 490 computers, also filled with sensitive data, they lost between 2003 and 2006.

For the full skinny, check out the Inspector General’s 22-page report here.
