Monday, September 26

Microsoft Office scam promises free premium membership | Digital Trends Spanish

With the packaging looking legit enough at first glance, scammers are shipping fake USB flash drives from microsoft-officeloaded with ransomware, to people.

As reported by Tom’s Hardware Y PC MagUSBs are sent to randomly selected addresses in hopes of convincing targets that they inadvertently received a $439 Office Professional Plus package.

Image Source: Martin Pitman/LinkedIn/Tom’s Hardware

Along with the fake USB stick, a product key is also included. However, plugging the USB stick into a system directs the user to call a fake customer support line instead of a real boot installation window for Office.

Once connected to the fraud support line, the threat actors attempt to install a remote access program to breach and control the target’s PC.

Cybersecurity consultant Martin Pitman confirmed the existence of the scam when his mother called him about the package. Because he tried to install what he thought would be Office programs, Pitman was able to get an idea of ​​how the scheme works.

A virus alert is presented to the victim when the USB is plugged in, prompting the user to call a support number. “As soon as the number on the screen was called, the helpdesk installed some kind of TeamViewer (remote access program) and took control of the victim’s computer,” told Sky News.

Disguised as a Microsoft customer support technician, the person on the other end of the phone would also ask for payment details.

As Tom’s Hardware highlights, parcel post schemes are not among the usual tactics used by criminals. But with the growing awareness of email scams, it seems that scammers are now going back to shipping physical products.

Microsoft, which has launched an internal investigation into the matter, said it has seen such methods used in the past, but they are not widespread.

Robert Pooley, who works as a director at UK-based cybersecurity firm Saepio, drew attention to Microsoft Office’s fake USB strategy in July. “All a scam. It shows how important cyber awareness is at work and at home,” he said in a LinkedIn post.

In a similar case that occurred in 2020, security company Trustwave discovered that counterfeit USB sticks, disguised as a $50 best buy gift card promotion, were being sent to unsuspecting targets.

Publisher Recommendations