Published in News

Most hopeless cyber attack ever still works

by on19 August 2022

Stick a USB in the post 

A new scam has been uncovered that uses the rather silly low-tech technique of sending a USB flash drive through the post.

The USB drive claims to be carrying a version of Microsoft Office Professional Plus, but in fact carries scamming software, which tricks a user to install a fake support line and handing over bank details.

While the idea sounds dumb, the packages feature legitimate-looking Microsoft Office branding including an engraved USB drive and product key.

The scam was spotted in the wild by Martin Pitman, a cybersecurity consultant for security firm Atheniem. His mum rang him after the package arrived at the home of a retired friend who was stuck in the middle of the install. 

In this case, after plugging in the USB drive, a warning appeared saying that a virus had been detected, and to call a toll-free number to get this removed. However doing so passed the victim through to the scammers, who pretended to remove the "virus" before looking to complete the subscription process by taking the victim's payment details.

"We'd like to reassure all users of our software and products that Microsoft will never send you unsolicited packages and will never contact you out of the blue for any reason."

Yep, because there is zero reason for Microsoft to send anyone free software ever. 


Last modified on 19 August 2022
Rate this item
(1 Vote)

Read more about: