When Michigan’s state administration staged a phishing trip using an email supposedly about expired passwords as part of a security audit among users of its computer network, the results were alarming: one in three employees opened the mail, a quarter then clicked on the supplied link, and almost a fifth complied with a request to introduce their username and password.

Read full news article on Forbes.com