Many cybersecurity attacks are often highly-developed, well thought-out schemes that look to get the better of victims through skilled programming and malware deployment – but sometimes you just want to go the simple route. A new scam has been uncovered that uses the incredibly low-tech technique of sending a USB flash drive through the post in the hope that unsuspecting victims will plug it in. The USB drive claims to be carrying a version of Microsoft Office Professional Plus, but in fact carries scamming software, which once installed on a victim’s PC, tricks them into calling a fake support line and handing over bank details.
Microsoft Office USB
The packages, which featured legitimate-looking Microsoft Office branding including an engraved USB drive and product key, were reported by Martin Pitman, a cybersecurity consultant for security firm Atheniem.
He told Sky News(opens in new tab) that his mother had alerted him to the delivery arriving at the home of a retired friend. This man was in the middle of trying to “install” whatever was on the USB drive, which had prompted him to call a support line which was asking for his personal details.
Read the complete article here