A security test carried out by the US Internal Revenue Service (IRS) found that more than 33% of employees, including managers, failed basic network protection procedures.
Inspectors posing as IRS help desk technicians called 100 IRS employees and claimed that a network problem required them to provide their network log-in usernames.
The bogus technicians then also asked the users to change their passwords to one they suggested. The IRS said 35 workers complied with the requests.
With such details hackers could gain high-level access privileges, and the IRS is fearful that disgruntled or ex-employees could be tempted to use the scam.
The results are an improvement however. Four years ago almost 75% of IRS employees failed the same test.