There’s nothing new about this, but in the end, human beings really are the weak link when it comes to keeping sensitive information safe online. Where it comes to keeping critical information safe, most people are both horribly naive and also admirably trusting of the source of a phishing expedition. For example:

That’s what the U.S. Military Academy at West Point did in 2004 to a group of 512 cadets, selected at random for a test called the Carronade. The cadets were sent a bogus e-mail that looked like it came from a fictional colonel named Robert Melvillle, who claimed to be with the academy’s Office of the Commandant (The real Robert Melville helped invent a short range naval cannon called the Carronade nearly 250 years ago).

“There was a problem with your last grade report,” Melville wrote, before telling the cadets to click on a Web page and “follow the instructions to make sure your information is correct.”

More than 80 percent of the cadets clicked on the link, according to a report on the experiment.

Worse still, even after hours of computer security instruction, 90 percent of freshmen cadets still clicked on the link.

Ouch. That’s pretty bad. Still, phishing attacks are hard to prevent, and can be easily done with even the slightest bit of information about the subject. The article discusses several attempts to protect people from their own, and where the application developers like Microsoft and others have to catch up in the process of making their products safer and offering the kind of information to the user that they can use to tell if someone is out to trick you or not.

[ Humans Called Weak Link in Tech Security ]