Common office pranks can mirror real cyber attacks, warns Kaspersky

ISLAMABAD: A Kaspersky survey reveals that 69.5% of Pakistani employees and business owners have experienced computer pranks by colleagues, friends or relatives — actions that, while often intended as jokes, can resemble or enable serious cyber attacks.

The survey found 39.5% of such incidents were carried out by colleagues and 30% by friends or relatives. Typical pranks included sending messages or emails from an unlocked account, setting a screenshot of the desktop as wallpaper, and leaving unexpected files or photos in someone’s folders. Only 1.8% of respondents admitted to playing such jokes themselves.

Kaspersky cautioned that several prank techniques are eerily similar to tactics used by cybercriminals. For instance, attackers can open a phishing page in full-screen mode and replace the browser bar with an image of a legitimate URL, convincing victims their system is locked and demanding payment. Users unsure how to exit full-screen mode may be misled into complying.

To escape such traps, Kaspersky advises simple keyboard shortcuts: press F11 or Alt+F4 on Windows, or Cmd+Ctrl+F on a Mac to exit full-screen. The firm also urged caution with short links and QR codes — known attack vectors — recommending users preview or expand links (for example by pasting them into link-preview tools) before opening them.

“Of course, a friendly joke won’t lead to the loss of money or data, that is the case with cyber attacks, but might still be not very pleasant. Be vigilant, have strong passwords in place and keep your devices locked,” said Brandon Muller, technology expert and consultant at Kaspersky.

Kaspersky’s practical recommendations include: lock devices when unattended; use strong, unique passwords (or a password manager); hover over short links to view destination URLs; verify suspicious attachments or messages by contacting the sender through an alternative channel; and deploy security products that warn of malicious sites. For organisations, Kaspersky recommends security awareness training — including phishing simulators such as the Kaspersky Automated Security Awareness Platform — and business-grade protection like Kaspersky Next.

The company also warned that AI-driven deepfakes make both pranks and attacks more convincing. Users should scrutinise media for visual or textual inconsistencies and verify questionable images or videos with reverse-image searches or trusted sources.

As workplaces grow more digitally connected, Kaspersky says a mix of basic cyber hygiene, employee education, and technical defenses is essential to ensure that what starts as a harmless joke doesn’t become a costly security incident. Staff Report