Beware ‘Microsoft Office’ USB Sticks That Show Up in the Mail: It’s a Scam

Total times read this article : 12

If you receive a Microsoft Office product randomly in the mail, be careful: It could be a scam. 

A cybersecurity consultant in the UK recovered a counterfeit Microsoft Office package mailed to a retiree that actually contained a malicious USB stick designed to defraud the user. 

Sky News reports(Opens in a new window) that the USB drive was engraved with the Office logo and came in seemingly real Microsoft packaging, which included a legitimate-looking product key. But if you plug the USB stick into a PC, it won’t install the Office programs. Instead, it’ll encourage the user to call a fake Microsoft customer support line, which will then try to install a remote access program on the victim’s computer. 

The scheme is pretty elaborate, and it could end up tricking unsuspecting consumers hoping to get free access to Microsoft Office Professional, which can normally retail for $439. Cybersecurity consultant Martin Pitman recovered the USB stick and packaging through his mother, who ended up calling him when she was at another person’s home trying to install it.

The scam works by triggering a virus alert once the USB stick is plugged into the victim’s PC. To fix the issue, the alert tells the user to call a customer support number. “As soon as they called the number on screen, the helpdesk installed some sort of TeamViewer (remote access program) and took control of the victim’s computer,” Pitman told Sky News. In addition, the customer support technician also asked for payment information. 

Last month, Robert Pooley, a director at the UK-based cybersecurity firm Saepio, also sounded(Opens in a new window) the alarm about the counterfeit Microsoft Office USB scheme. “Quite the scam. Shows how important cyber awareness is at work and home,” he wrote in a post on LinkedIn. 

Recommended by Our Editors

It’s not the first time scammers have circulated malicious USB drives through the mail. In 2020, security firm Trustwave also uncovered a malware-laden USB stick sent through the mail that pretended to come from Best Buy as $50 gift card promotion.

Microsoft told Sky News the company has encountered this kind of fraud before, but it remains rare. In addition, the scammers usually resort to only mailing a fake product key through the mail, rather than an entire package with a USB drive.

SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.”,”first_published_at”:”2021-09-30T21:22:09.000000Z”,”published_at”:”2022-03-24T14:57:33.000000Z”,”last_published_at”:”2022-03-24T14:57:28.000000Z”,”created_at”:null,”updated_at”:”2022-03-24T14:57:33.000000Z”})” x-show=”showEmailSignUp()” class=”rounded bg-gray-lightest text-center md:px-32 md:py-8 p-4 mt-8 container-xs” readability=”31.423799582463″>

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Facebook Comments Box

Hits: 0

RELATED ARTICLESMORE FROM AUTHOR