This is the lamest Microsoft Office security threat we’ve ever seen - but people will still fall for it

Sending malware-laden USBs in the post? Really?

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Many cybersecurity attacks are often highly-developed, well thought-out schemes that look to get the better of victims through skilled programming andmalwaredeployment - but sometimes you just want to go the simple route.

A new scam has been uncovered that uses the incredibly low-tech technique of sending a USBflash drivethrough the post in the hope that unsuspecting victims will plug it in.

The USB drive claims to be carrying a version ofMicrosoft OfficeProfessional Plus, but in fact carries scamming software, which once installed on a victim’s PC, tricks them into calling a fake support line and handing over bank details.

Microsoft Office USB

Microsoft Office USB

The packages, which featured legitimate-lookingMicrosoftOffice branding including an engraved USB drive and product key, were reported by Martin Pitman, a cybersecurity consultant for security firm Atheniem.

He toldSky Newsthat his mother had alerted him to the delivery arriving at the home of a retired friend. This man was in the middle of trying to “install” whatever was on the USB drive, which had prompted him to call a support line which was asking for his personal details.

In this case, after plugging in the USB drive, a warning appeared saying that a virus had been detected, and to call a toll-free number to get this removed. However doing so passed the victim through to the scammers, who pretended to remove the “virus” before looking to complete the subscription process by taking the victim’s payment details.

Millions of us are using malicious browser extensions without realizing>Open source bug leaves hundreds of thousands of sites open to attack>These are the best firewalls right now

Microsoft has confirmed that the packages are not genuine, tellingSky Newsthat the scam is becoming sadly common as criminals look for new ways to defraud victims.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“Microsoft is committed to helping protect our customers. We take appropriate action to remove any suspected unlicensed or counterfeit products from the market and to hold those targeting our customers accountable,” a company spokesperson said.

“We’d like to reassure all users of our software and products that Microsoft will never send you unsolicited packages and will never contact you out of the blue for any reason.”

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK’s leading national newspapers and fellow Future title ITProPortal, and when he’s not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

Windows PCs targeted by new malware hitting a vulnerable driver

Dangerous Android banking malware looks to trick victims with fake money transfers

What to do after a data breach?