Under no circumstances should you use untested external storage devices. Especially if the flash drives come in the mail in a convincing Microsoft Office package (which you didn’t buy). Hackers used this trick to fool gullible people in the UK who thought they had been sent expensive software by mistake.
Sky News reports that there is of course no Microsoft Office on the storage device. Victims who connect the drive to their computers receive a warning that the system is infected with a virus, and the only way to remove it is to call the provided toll-free number.
After the call, the person on the other end of the line explains that a program needs to be installed to get rid of the virus. This is a remote administration program that gives the fraudster full control over
PC. Then … directs the victim to the Microsoft 365 support team to “complete the installation.”
Microsoft has confirmed that it is aware of the scam and is doing its best to remove any suspicious unlicensed or counterfeit products from the market.
A decoy attack is a rarer and more complex, but therefore a more effective form of phishing. More often, messages about gifts in the form of copies of paid programs or other benefits come to e-mail, sending the addressee to links to malware.
ITC.ua recently wrote about a more sophisticated version of a spy flash drive.
The new Rubber Ducky is more dangerous than ever. Hacker Darren Kitchen unveiled a new version of the James Bond flash drive
Sources: TechSpot , SkyNews