Susceptibility of university students to fake email requesting their password

Study: Ask and Ye Shall Receive: A Study in Social Engineering
Date: April 1996

336 computer science students at the University of Sydney were sent an email message asking them to supply their password to 'validate' the password database after a suspected break-in.
  • 138 (41%) returned a valid password
  • 30 (9%) returned a plausible looking but invalid password
  • 200+ changed their passwords without official prompting in the two weeks following the experiment.

However, very few attempts were made to report the message to the university authorities.

