In the USA, Treasury Department auditors called 100 IRS employees and managers pretending to be IT helpdesk staff working on a network problem. They asked the employees to provide their network logon name and temporarily change their password to one they suggested and 35 complied.
That was a 50 percent improvement when compared with a similar test in 2001, when 71 employees cooperated and changed their passwords. The IRS strengthened its staff security education attempts after the report.