Auditors recently contacted 100 IRS employees, asking them to provide their network logins and temporarily changed their passwords. Thirty-five workers and managers gave them up. That's still better than the 71 IRS staffers who volunteered their passwords during a similar test four years ago.
According to an AP report, some agency employees said they weren't aware of the hacking technique and never suspected foul play. They just wanted to help a computer technician. A few workers were suspicious because they couldn't find the caller's name in the IRS global employ directory, but they surrendered their passwords anyway. Others wavered, but got a say-so from their bosses to cooperate.
Two days after the test, the IRS issued an E-mail alert about the hacking technique and commanded workers to notify security officials if they get such calls.
Now, if only those IRS employees can be as trusting with my tax return as they were with the faux technicians when they gave up their passwords.