A recent survey by Kaspersky shows that 21,3% of employees and business owners using computers in South Africa faced a situation when colleagues (12,8%), friends or relatives (8,5%) made jokes with their unlocked computer.
These jokes include sending funny messages or emails on behalf of the accounts’ owner, placing a screenshot of the desktop as a desktop background, and leaving unexpected pictures, notes, or photos in the files.
At the same time just less than 3,3% of the survey respondents admitted to making such jokes themselves.
Similar tricks are also used by cyber attackers. For example, a phishing website may open in a new window in full-screen mode, so that the original browser bar with the phishing URL becomes invisible.
Instead, the attackers replace it with an image of the browser bar with the official link of some well-known organisation. This image may display various messages (both visual and audio), such as warnings that the computer has been blocked and a fine must be paid.
If the user does not know how to exit full-screen mode in the browser, they may think their computer is really locked.
To escape such a trap, users can press F11 or Alt+F4 on Windows, or Cmd+Ctrl+F on a Mac, to exit full-screen mode and regain control.
Short links and QR codes should always be treated with vigilance as they may lead to unpredicted downloads or websites, not only claiming to be an “April Fools” joke.
QR code phishing, known as Quishing, has been a growing concern in recent years. Since there are threat actors looking to benefit from people’s trust in a service, it’s worth checking such links by copying and pasting them into a tool like GetLinkInfo or UnshortenIt.
Cybersecurity solutions help with a built-in QR scanner that lets users check the link and warns users about landing on a dangerous website.
Additionally, hovering over a short link (without clicking) can sometimes reveal the true destination URL in the browser’s status bar, offering a quick safety check.
“Of course, a friendly joke won’t lead to the loss of money or data, that is the case with cyber attacks but may still be very unpleasant,” notes Brandon Muller, technology expert and consultant at Kaspersky. “Following simple rules when working with a computer, tablet or phone will help to avoid unpleasant consequences. Be vigilant, have strong passwords in place and keep your devices locked.”
Kaspersky shares the following advice to help you avoid getting tricked into jokes or scams:
- Lock your computers and other devices when leaving them unattended, as this can prevent not only jokes, but also surprises from children, pets or passersby. Key combinations to instantly lock the computer are Win+L on Windows, and Cmd+Ctrl+Q on MacOS.
- Use strong passwords and do not write them down near your computer. Using a different password for each device and service is recommended. Password manager solutions can be useful.
- Educate yourself on how to recognise phishing emails, by looking for such signs as the sender’s address, executable files, or files with macros in attachments. These messages also often create a sense of unclarity, urgency or unexpected calls to action. Only open attachments and click links if you are confident in the sender’s legitimacy. If the sender seems legitimate, but the content of the message looks strange, it is worth contacting the sender via an alternative means of communication. Specialised courses, such as Kaspersky Automated Security Awareness Platform, can help organisations educate their employees, including through phishing simulators.
- Use a protection solution, such as Kaspersky Next for businesses or Kaspersky Premium, for individual users, that warns about potential dangers.
- Due to AI developments, both friendly tricks and cyber attacks can come in the form of fake images or videos. Be attentive to details (such as seven fingers, a third hand or misspelled words) and think critically into call to actions. For added caution, verify questionable media by cross-checking with trusted sources or using reverse image search tools like Google Images.