Technologist - The FindLaw Legal Technology Blog

Prank Employees, Test Security in One Fell Swoop

Preserving productivity. Increasing efficiency. Nothing warms the cockles of a manager's heart quite like those phrases. You know what dooms productivity and efficiency? A disabled computer or network. And one of the quickest ways to kill a computer or network is for one of your employees to do something stupid, like clicking on one of those "Your computer is infected. Click here to remove the virus" scams.

Yep. My brother fell for that one last month. A month before that, a college buddy fell for the old phishing scam that captured his Gmail password (and sent spam links to all of his friends and professional contacts). You don't want your employees to make these mistakes. It's also April Fools' Day. Increase your own efficiency by tackling both of these issues at once.

The Wall Street Journal ran an article recently on security firms that design fake hacking schemes and use them on a company's employees. One of the security guys was even crazy enough to sneak into the actual offices of the clients, typically by faking a disability and having someone open the door for him.

Their most popular tactic is sending fake phishing emails that tell the user to "Check out these cute kittens. :-)". Yep. People fall for that. Forty-eight percent of people, in fact. Other things that the security teams will try include leaving USB flash drives or CDs in the bathroom with "Confidential" written on them, and "accidentally" sending an email about bonuses, followed by a recall email.

Clicking on the emails results in a warning or "Gotcha" message from the boss. The USB and CD pranks launch software that takes a picture of the user, which hopefully results in only a stern warning.

And if you clicked on that previous link to the Wall Street Journal article, we hope you enjoyed that Simpsons clip. Here is the actual article. We swear.

So, do these pranks work? New York state tried it in 2005. The first phishing email worked on 15 percent of users. The second ensnared only eight percent.

If you lack the discretionary funds to hire a security firm, here are a few good old-fashioned pranks that can have the same effect.

  • Attach loudspeakers to each employee's computer. Send a fake email with a link to an obnoxious song or video clip. Don't use Rick Astley, however. That was played out five years ago.
  • If you deal with particularly sensitive information, walk around the office at lunch. See which computers were left logged in and accessible. Open a Word doc and write "I JUST STOLE ALL OF YOUR *&*(! BUAHAHAHAHAAAHA!"
  • Try the USB Autolaunch trick. Fortunately, Microsoft disabled autorun for USB sticks. However, there is a slightly complicated workaround, courtesy of

Have any other hilarious security pranks? Share 'em with us on our Facebook page.

Editor's note, April 5, 2015: This post was first published in April, 2013. It has since been updated.
