Many cybersecurity attacks are often highly-developed, well thought-out schemes that look to get the better of victims through skilled programming and malware deployment – but sometimes you just want to go the simple route.
A new scam has been uncovered that uses the incredibly low-tech technique of sending a USB flash drive through the post in the hope that unsuspecting victims will plug it in.
The USB drive claims to be carrying a version of Microsoft Office Professional Plus, but in fact carries scamming software, which once installed on a victim’s PC, tricks them into calling a fake support line and handing over bank details.
Microsoft Office USB
The packages, which featured legitimate-looking Microsoft Office branding including an engraved USB drive and product key, were reported by Martin Pitman, a cybersecurity consultant for security firm Atheniem.Â
He told Sky News (opens in new tab) that his mother had alerted him to the delivery arriving at the home of a retired friend. This man was in the middle of trying to “install” whatever was on the USB drive, which had prompted him to call a support line which was asking for his personal details.
In this case, after plugging in the USB drive, a warning appeared saying that a virus had been detected, and to call a toll-free number to get this removed. However doing so passed the victim through to the scammers, who pretended to remove the “virus” before looking to complete the subscription process by taking the victim’s payment details.
Microsoft has confirmed that the packages are not genuine, telling Sky News that the scam is becoming sadly common as criminals look for new ways to defraud victims.
“Microsoft is committed to helping protect our customers. We take appropriate action to remove any suspected unlicensed or counterfeit products from the market and to hold those targeting our customers accountable,” a company spokesperson said.
“We’d like to reassure all users of our software and products that Microsoft will never send you unsolicited packages and will never contact you out of the blue for any reason.”
