Penetration Testing mailing list archives

Assessing the security awareness of web users at a national level


From: "Demetris Papapetrou" <dpapapetrou () internalaudit gov cy>
Date: Fri, 18 Sep 2009 13:29:03 +0300

Dear list members,

I am currently setting up a project, in which I will assess the security
awareness level of my fellow citizens concerning social engineering attacks
that are launched through the web. The scope of the project is to gather
statistical data and possibly draw some useful conclusions as to the level
of awareness of, let's say, male vs female users in my country, young vs old
people, Linux vs Windows users or even Firefox vs Internet Explorer users.
The attack methods will simulate real-life scenarios such as fake virus
detection messages, missing codec messages or even "click me" buttons that
are often utilized by attackers to infect computers with
viruses/backdoors/malware/etc. I should note here that no harmful programs
will be sent to users during the assessment. Instead the "malicious website"
will record whether the users clicked on the download button/malicious link
or not.

I was wondering whether any of you know of similar projects performed and if
you are kind enough to point me to any relevant links. 

Any suggestions regarding the method of distribution (e.g. emails, forums,
IRC, Facebook, MySpace, etc.) or the different attack vectors (e.g. virus
message, codec missing messages, etc.) or anything else that comes to your
mind will be much appreciated.


Thank you in advance,

Demetris

