Beware 'Microsoft Office' USB Sticks That Show Up in the Mail: It's a Scam – PCMag

Beware 'Microsoft Office' USB Sticks That Show Up in the Mail: It's a Scam – PCMag

Beware 'Microsoft Office' USB Sticks That Show Up in the Mail: It's a Scam – PCMag 1120 630 charlie

Plugging the USB into a computer will trigger a virus alert and encourage people to call a customer support line, where a scammer will take over the computer and demand payment.
I’ve been with PCMag since October 2017, covering a wide range of topics, including consumer electronics, cybersecurity, social media, networking, and gaming. Prior to working at PCMag, I was a foreign correspondent in Beijing for over five years, covering the tech scene in Asia.
If you receive a Microsoft Office product randomly in the mail, be careful: It could be a scam. 
A cybersecurity consultant in the UK recovered a counterfeit Microsoft Office package mailed to a retiree that actually contained a malicious USB stick designed to defraud the user. 
Sky News reports(Opens in a new window) that the USB drive was engraved with the Office logo and came in seemingly real Microsoft packaging, which included a legitimate-looking product key. But if you plug the USB stick into a PC, it won’t install the Office programs. Instead, it’ll encourage the user to call a fake Microsoft customer support line, which will then try to install a remote access program on the victim’s computer. 
The scheme is pretty elaborate, and it could end up tricking unsuspecting consumers hoping to get free access to Microsoft Office Professional, which can normally retail for $439. Cybersecurity consultant Martin Pitman recovered the USB stick and packaging through his mother, who ended up calling him when she was at another person’s home trying to install it.
The scam works by triggering a virus alert once the USB stick is plugged into the victim’s PC. To fix the issue, the alert tells the user to call a customer support number. “As soon as they called the number on screen, the helpdesk installed some sort of TeamViewer (remote access program) and took control of the victim’s computer,” Pitman told Sky News. In addition, the customer support technician also asked for payment information. 
Last month, Robert Pooley, a director at the UK-based cybersecurity firm Saepio, also sounded(Opens in a new window) the alarm about the counterfeit Microsoft Office USB scheme. “Quite the scam. Shows how important cyber awareness is at work and home,” he wrote in a post on LinkedIn. 
It’s not the first time scammers have circulated malicious USB drives through the mail. In 2020, security firm Trustwave also uncovered a malware-laden USB stick sent through the mail that pretended to come from Best Buy as $50 gift card promotion.
Microsoft told Sky News the company has encountered this kind of fraud before, but it remains rare. In addition, the scammers usually resort to only mailing a fake product key through the mail, rather than an entire package with a USB drive.
In a statement, Microsoft added: “We take appropriate action to remove any suspected unlicensed or counterfeit products from the market and to hold those targeting our customers accountable. We’d like to reassure all users of our software and products that Microsoft will never send you unsolicited packages and will never contact you out of the blue for any reason. You can visit this(Opens in a new window) support page for guidance on how to avoid fraud and scams.”
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Your subscription has been confirmed. Keep an eye on your inbox!
Advertisement
I’ve been with PCMag since October 2017, covering a wide range of topics, including consumer electronics, cybersecurity, social media, networking, and gaming. Prior to working at PCMag, I was a foreign correspondent in Beijing for over five years, covering the tech scene in Asia.
Read Michael’s full bio
Advertisement
PCMag.com is a leading authority on technology, delivering lab-based, independent reviews of the latest products and services. Our expert industry analysis and practical solutions help you make better buying decisions and get more from technology.
© 1996-2022 Ziff Davis. PCMag Digital Group
PCMag, PCMag.com and PC Magazine are among the federally registered trademarks of Ziff Davis and may not be used by third parties without explicit permission. The display of third-party trademarks and trade names on this site does not necessarily indicate any affiliation or the endorsement of PCMag. If you click an affiliate link and buy a product or service, we may be paid a fee by that merchant.

source

    Would you like to receive notifications on latest updates? No Yes