In a recent PC World article, some people are receiving what looks like a full retail copy of Microsoft Office in the mail. They never ordered it.


They are finding themselves with an infected computer. The scam is attempting people to plug in the USB drive. Once inserted into your computer, the USB drive installs malware. After that, the hacker has successfully accessed your machine.

don't plug in free Microsoft office USB drive
How it works

From the article: It works like this: you get a random package in the mail that looks convincingly like a retail copy of Microsoft Office stored on an engraved thumb drive and even complete with a product code sticker. You plug the USB drive into your PC and it immediately tells you that you have a virus, and you need to call “Microsoft Support.” On the phone, “Microsoft” encourages you to install a remote access tool, after which the problem is apparently solved, but not before you’ve given up a credit card number for verification purposes. Then, of course, come the fraudulent charges.

Impersonating Microsoft or other authoritative figures isn’t a new technique by any means — here in the US we get spam calls from “Microsoft support” all the time. But the extra layer of expense and sophistication in creating branded USB drives and shipping professional-looking packing in order to sell that authority is an interesting innovation on the part of the scammers. This takes a lot more time and money than the usual website and fake download.

Next steps

If you receive one of these packages, contact us ASAP.

Referenced article