Prompt's TechBlog

There's an interesting story here about an IT security company which was hired by a large financial services provider in the US to test the security of its network. The consultants performed an interesting experiment. They created a 'virus' which would collect passwords, login details and other sensitive information from the host machine, loaded the virus onto 20 USB memory sticks along with random image and text files. The memory sticks were then scattered around locations outside the client's office where employees would be likely to find them. 15 of the sticks were found, and each of these was almost immediately connected to the employee's office PC, resulting in their private data being automatically emailed to the security consultants.

Organised criminals use all sorts of cunning techniques to get employees to give them sensitive business information, but it seems the easiest method requires nothing more elaborate than a few cheap memory sticks and the natural curiosity of human beings.