As reported by Sky News, Microsoft has confirmed that scammers have began a campaign posting counterfeit packages designed to look like Microsoft Office products to defraud people. The scam, which has seen criminals mail packages to victims containing USB sticks and product keys, sees victims install malicious software and call a fake support line and hand over access to their PC to a remote attacker.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
This is a very clever yet straightforward scam that has the potential of conning multiple people into handing over access to their computer unwittingly. The effort that has gone into the manufacturing of these fake products proves the extent cybercriminals are willing to go to get their hands on computers and con people out of money. Once the hackers then have control, they would be able to steal personal information or encrypt the data and hold it to ransom. If these products were designed to target businesses, they could cause extreme financial and reputational damage.
If you ever receive a product in the post with a USB, stop and think why you have received it and if you didn’t order it, keep it away from your computer. A strong up to date antivirus product will also help protect your machine from rogue USBs and you should always follow the warnings if it tells you something is trying to harm your computer.