Microsoft USB Scam Shows the Importance of Security Awareness Training



Just when you thought scammers couldn't get more tricky in their attacks, this example will prove you wrong. One of our KnowBe4 colleagues shared this LinkedIn post on a recent very crafty USB scam:

USB Scam Alert

As you can see, the Microsoft USB looks VERY similar to a USB you would receive from Microsoft in the mail as part of an Office Professional Plus delivery. Unfortunately, the USB was plugged into the victim's computer and ransomware infected the machine.

This should be a valuable lesson for anyone that receives something in the mail that is software - ALWAYS assume that it could be malicious and always double-check with your organization to ensure that it is safe. New-school security awareness training can help your users identify the common red flags. 

We also have a new blog post by Roger Grimes that digs deeper into this malicious USB problem.


Free USB Security Test

On average 45% of your users will plug in USBs. Find out now what your user’s reactions are to unknown USBs, with KnowBe4's new Free USB Security Test. Download our special, "beaconized" file onto any USB drive. Then label the drive with something enticing and drop the drive at an on-site high traffic area. If an employee picks it up, plugs it in their workstation and opens the file, it will "call home" and report the "fail" to your KnowBe4 console. And for Office documents, if the user also enables macros (!), additional data is tracked and geomapped.

USBHow your free 7-day USB Security Test works:

  • Fill out the form, and immediately...
  • Download "beaconized" Word, Excel or PDF files
  • Copy to any USB Drive, label and drop it
  • Reports on opens and if macros were enabled
  • Takes just a few minutes to set up

Test Your Users

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/usb-security-test



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews