The bogus profile claimed Williams was a new hire at the agency with 10 years experience and a 28-year-old graduate of the Massachusetts Institute of Technology. The researchers set up information about the woman on other Web sites to make the profile seem more credible.
Within 15 hours of launching the profile, Williams had 60 Facebook and 55 LinkedIn connections with agency employees and contractors. After 24 hours, she had three job offers from other companies.
The experiment pointed to the need for continuous training in organizations to reduce the chance of employees becoming victims of phishers.
"In the military it's called situational awareness," Lakhani told IDG News Service. "We need to develop situational awareness for this type of attack."
Sign up for CIO Asia eNewsletters.