Evansville Business Warns Residents of Scam Using USB Drives Delivered by Mail
Something that appears to be free may end up costing you more than you can imagine.
Scammers are a crafty bunch. They'll use a variety of tactics to do whatever they can to access your personal information and either rob you blind or steal your identity and make your life miserable. Normally, they do this in the form of an e-mail, text message, or phone call, but some are taking it a step further and using the U.S. Postal Service as an unknowing accomplice.
In my business (the radio business), it's not uncommon for someone to mail us a USB drive, particularly the record company of a musician hoping we'll play their song on the air. Like a copy of their new single or album on CD back in the day, the drives usually feature the artist's logo on the side and contain the song they're hoping we'll play or an advance copy of the entire album along with photos we can use on our website and social media if we choose. However, if you receive a USB drive in the mail out of the blue, there's a chance its purpose is entirely different, and a lot less friendly.
Evansville computer repair business Digicom recently shared a post on their Facebook page warning residents of a new scam making its way around the country. In this scam, the scammers are mailing out USB drives to random people as a "free gift." What they don't mention is that this "free gift" is pre-loaded with ransomware, and when the recipient plugs the drive into their computer, it infects the machine, giving the individuals who sent it access to all their personal information.
Businesses Targeted
According to CNN, citing a report from the website Bleeping Computer, the FBI posted an advisory to businesses across the U.S. about the scam, saying they believe the Eastern European cybercriminal group FIN7 is behind it. The advisory said the packages usually show up appearing to be from a government office such as the Department of Health and Human Services, or from a corporation such as Amazon. The goal is to get someone within the targeted company to plug the drive into a computer so the group can get access not only to that individual's computer but to the company's entire network, no doubt creating chaos for that company and requiring a large sum of money to fix.
A New Twist on an Old Scam
A Digicom employee told me through an exchange of messages on Facebook they aren't aware of any businesses or individuals in the Evansville area being targeted by the scam. However, they have spoken with people who have been targeted with an older version of it. In that version, someone drops a drive near the entrance of a business with the hope someone will see it, and their natural human curiosity will lead them to plug it into their computer to see if they can find out who it belongs to, which gives the scammers the access they're looking for.
As Digicom notes in their post, if you or your company receive an unsolicited drive in the mail, or stumble upon one randomly lying on the ground, "Treat it like you would discarded gum, don't put it in your mouth or your computer."
[Source: Digicom on Facebook / CNN]