If there’s one day of the year when everyone has their guard up, it’s April Fool’s Day. After all, who can put their hand up and say that they have never been duped by an April Fool’s trick? Some of the classic April Fool’s stunts have gone down in history, such as the BBC’s news report from 1957 showing the annual spaghetti harvest in Switzerland.
Simpler times, you say?
Well, 50 years later the BBC pulled a similar stunt – getting Monty Python’s Terry Jones to star in a short documentary revealing the phenomenon of flying penguins.
And, like the spaghetti hanging from the branches of trees in southern Switzerland, some people believed it.
They believed it because the BBC is a trusted source of information. If some nutter had sat next to you on the bus and tried to convince you that penguins could fly or that you could send a Gmail by making the motion of licking a stamp you probably wouldn’t believe them.
But if you’re lulled into a false sense of confidence about who is sharing the information, don’t verify the facts by checking with trusted and respected alternative sources, or simply forget what day it is, then you might be all too easily duped.
Scammers know that the weak link in any organisation is the user. Through social engineering they can trick users into clicking on links, opening poisoned attachments or even handing over their passwords in the mistaken belief that they’re communicating with the IT department or logging into a legitimate website.
The problem is – we should treat every day like it’s April 1st.
Here are five types of computer scam you should look out for – regardless of the date.
That email from your friend wasn’t sent by your friend
If a hacker has hijacked control of a friend or colleague’s email account, they don’t just have access to your friend’s address book. They also have access to past messages that they have sent you, and that you may have exchanged with them.
In short, if they want to, a scammer can easily replicate the style of past messages you have exchanged, refer to past conversations or simply continue an existing message thread.
Being wary of messages from people you don’t know isn’t enough. Sometimes it can be an email from one of your closest contacts that is trying to trick you into making a bad decision. If in doubt, always verify that your friend or colleague really sent you the email – not by emailing them back, but by – for instance – picking up the telephone instead.
Is that link going where you think it’s going?
The invention of HTML email, with all its fancy fonts, images and colours, was great in some ways – but not necessarily a good step for security. Unlike a plaintext email, simple HTML tricks mean that you cannot always tell where that link is going to take your browser. For instance, where do you think clicking on http://www.example.com will take you?
Online criminals regularly use this trick to dupe users into visiting phishing sites. Hovering your mouse over a link will often help determine where a link might really go before you click it, but there are still tricks that scammers can use in their attempt to fool you…
Is that an L or an I in that URL?
Is this the real Lloyds bank website?