Skip to Content
Physical cyber attacks like USB drop attacks spearheads a Microsoft fraud that destroys your computer
Photo 19739997 © Fang Chun Che | Dreamstime.com
Security & privacy

Malware in the mail: Scammers are sending out fake Microsoft software

Most malware infects your devices through cyberspace. Sometimes, though, you might get malware in the mail. That’s right: A scary strain of physical cyberattacks is taking over unsuspecting people’s computers.

That’s why we’re breaking down everything you need to know to stay safe. Last week, Microsoft blew the whistle on a popular fraud scheme impersonating its products. Criminals are mailing counterfeit packages disguised as legitimate Office products.

They’re trying to trick people into thinking they were lucky and got these expensive programs for free. Instead, they should have used this free alternative that works just as well. Here are a few ways to recognize this dangerous scam and protect yourself.

Falling for this scam endangers your digital life

This scam puts a new spin on an old trick. USB drop attacks trick you into plugging a malware-infested flash drive into your computer. It’s one of the oldest physical cyberattacks out there.

Sure, most of us would probably ignore random USBs that show up on our doorstep. But this new type of fraud hides its dangerous USB in convincing packaging. It looks like it came straight from Microsoft. Here’s an example:

USB drop attacks are dangerous enough to endanger national security. Here's how to spot physical cyber attacks like this in 2022.
Sky News blew the whistle on this new USB drop attack scheme. It confirmed the danger with Microsoft. | Image: Sky News

Victims might fall for the packaging. When they open it, they find what looks to be an innocuous USB drive, Sky News reports. The news organization shared a photo from a victim who fell for the scam.

If this ever happens to you, here’s what you’ll see when you open the package:

With the Office branding and the realistic stickers and packing, people fall for it. | Image: Sky News

Once you plug the flash drive into your computer, a pop-up tells you there’s a virus on your machine. The message then prompts you to call a toll-free number to fix the problem. Unfortunately, that number belongs to a scammer.

Cybercriminal organizations abroad will hire and train people in the art of scamming. They will pretend to be IT professionals, using pre-written scripts to fool you. If you call the number, the scammer on the other end of the line tells you to download a remote access program.

This allows them to take over your computer. Legit IT departments do this to actually fix problems on your computer. But criminals can use these programs to steal as much data as they want. The scammer could even download malware onto your device.

Handing over complete control of your device could destroy your whole system. That’s why you need to watch out for some obvious red flags that reveal your danger level. Here’s what it looks like when a virus takes over your computer.

You could lose a lot of money from USB drop attacks

Once the scammer is finished “fixing the problem,” they’ll ask you to pay for the service. Next, they’ll transfer you to the “Office 365 subscription team.” Of course, they’re really just sending you to another scammer.

The new person will ask for your bank details or credit card number. Just like that, you handed the money over to a scammer. If this ever happens to you, call your bank account ASAP.

You should also run a free credit report and cancel your credit cards. Otherwise, cybercriminals could charge your cards and leave you with a mountain of debt.

Physical cyberattacks like this go back to 2008

That’s when media outlets at the time wrote about “The Worm that Ate the Pentagon.” That’s right: USB drop attacks can threaten national security. Unknown spies dropped a virus-infected flash drive into a parking lot at a U.S. military base.

Someone took the bait and plugged it into a DoD computer, which spread the virus throughout the U.S. military’s digital networks. No one knows where the private data went — or who the attacker was, We Are the Mighty reports.

Bottom line: Never plug an unknown USB stick into your computer. And be wary of anything that comes in the mail that you didn’t ask for. Remember that scammers often impersonate legitimate companies.

More importantly, Microsoft says you should watch out for these red flags:

  • Low-quality packaging materials.
  • Spelling errors.
  • Blurry text and images.
  • Logos that look slightly off.
  • Photos that don’t match up with the product.

Don’t trust random product keys that come in the mail, either. That’s the most common physical cyberattack, according to Microsoft.

More tips like this

Check your phone! Dozens of dangerous apps spotted

Warning: All your Apple devices are at risk

Komando Community background

Join the Komando Community

Get even more know-how in the Komando Community! Here, you can enjoy The Kim Komando Show on your schedule, read Kim's eBooks for free, ask your tech questions in the Forum — and so much more.

Try it for 30 days