September 6th 2022

By Matthew Phillips

Cyber criminals are using a dated scam to steal your business’s payment details… and it sounds very convincing.

Cyber criminals have a reputation for constantly coming up with new ways to scam us into handing over login details or sensitive data. And while you might think your team would spot an attempted attack, you could be surprised. We’ve all seen a lot of intelligent people – including many business leaders – caught out over the years.

One of the latest scams is pretty…dated? And that seems to be why people are falling for it.

Cyber criminals have gone back to basics. They’re sending USB drives in the post.

The packaging and branding on the drives suggests they’re from Microsoft – which of course, they are not. The story is there’s an updated version of Microsoft Office Professional Plus on the drive and it needs to be installed straightaway.

This is a complete lie. It has been confirmed by Microsoft that these packages are not genuine. Unsolicited packages will never be sent out by the company.

If you plug the drive into your computer it will detect a “virus” and ask you to call a support line. By pretending to remove the virus, scammers will gain your trust. Then they will ask for your payment details to complete a subscription process.

It’s old fashioned, but we can see how the mixture of the physical USB, the belief it’s from Microsoft and the fake support line would be compelling for someone who’s busy and just wants to get back to work.

We expect elaborate, clever attacks through our email. As our tech has evolved, so have the most common scams. Our guard is down with this mix of events.

Be on the safe side and warn everyone in your business about this scam. This is also a good time to review the software and staff training you use to protect your business.