Security firm Atheniem has uncovered a new scam that uses the incredibly low-tech technique of sending a USB flash drive through the mail, hoping that unsuspecting victims will plug it into their device.
The package features legitimate-looking Microsoft Office branding, including an engraved USB drive and product key. The USB drive claims to carry a version of Microsoft Office Professional Plus but actually carries scamming software.
After the USB drive is plugged in, a warning appears saying that a virus has been detected on the device and instructing the victim to call a toll-free number to have it removed. However, doing so puts the victim through to scammers, who pretend to remove the “virus” before looking to complete the subscription process by taking the victim’s payment details.
The victims most likely to fall for this trick are those who may not have the capacity to understand the circumstances in which big or familiar companies reach out and send merchandise. If you care for young adults or the elderly, remind them that companies generally do not send unsolicited packages or contact you out of the blue for any reason. Be extra vigilant and verify the authenticity of any requests that require a download or plug-in.