Most people are reasonable sensible and decent, in my experience. Alas, that’s not true of everyone, as this story of what’s wrong with IT security in a nutshell reveals. (It was posted to an IT security list.)
Last time [we] sent out a warning email along the lines of:
We never ask for your username and password. If you get an email that looks like: “There is an issue with your account. Please reply with your username and password and we will rectify it”
You should never reply to these messages with your details.
50 people replied with their usernames and passwords.
I’m not sure whether that’s better or worse than the vast numbers of people who use “0000″ as their ATM pin code. Either way, I’m just amazed… and I’m thinking that schools and businesses need to teach the basics of computer security.