Skip to main content

Don’t fall for this devious new Microsoft Office scam

With packaging looking legitimate enough at first glance, scammers are sending out fake Microsoft Office USB sticks — loaded with ransomware — to individuals.

As reported by Tom’s Hardware and PCMag, the USBs are sent out to randomly selected addresses in the hopes of convincing targets that they inadvertently received a $439 Office Professional Plus package.

A package with a fake Microsoft Office USB stick.
Image source: Martin Pitman/LinkedIn/Tom’s Hardware Image used with permission by copyright holder

Alongside the bogus USB stick, a product key is also included. However, plugging the USB stick into a system directs the user toward calling a fake customer support line as opposed to an actual launch installation window for Office.

Recommended Videos

Once connected to the fraud support line, the threat actors attempt to install a remote access program in order to breach and control the target’s PC.

Please enable Javascript to view this content

Cybersecurity consultant Martin Pitman confirmed the scam’s existence when his mother called him regarding the package. Because she tried to install what she thought would be Office programs, Pitman was able to get an insight into how the scheme operates.

An alert of a virus is presented to the victim when the USB is plugged in, prompting the user to call a support number. “As soon as they called the number on screen, the helpdesk installed some sort of TeamViewer (remote access program) and took control of the victim’s computer,” he said to Sky News.

Disguised as a Microsoft customer support technician, the individual on the other end of the phone would also ask for payment details.

As highlighted by Tom’s Hardware, postal packages schemes are not among the usual tactics used by criminals. But with the increasing awareness of email scams, it seems scammers are now reverting to sending out physical products.

Microsoft, which has launched an internal investigation into the matter, said it has seen such methods being used in the past, but they’re not widespread.

Robert Pooley, who works as a director at U.K.-based cybersecurity firm Saepio, brought attention to the counterfeit Microsoft Office USB strategy in July. “Quite the scam. Shows how important cyber awareness is at work and home,” he said via a LinkedIn post.

In a similar case that occurred in 2020, security company Trustwave found counterfeit USB sticks, disguised as a Best Buy $50 gift card promotion, were being sent to unsuspecting targets.

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Don’t use your Windows PC without using these security settings
The Windows Security app in Windows 11.

Historically, Windows has had a bad reputation for security, and there are far more malware strains that target Windows than any other operating system out there -- largely due to the scale of PCs that exist in the world. With such a vast array of potential threats, it’s more important than ever to keep your Microsoft PC safe and protected.

But doing so doesn’t have to be difficult or expensive. In fact, you can start right now with just the computer you own, no extra software necessary. And if you do want to supplement your PC with some of the best Windows apps that will boost your security and privacy, you don’t need to pay a penny.

Read more
Whatever you do, don’t click this error if you see it pop up
A hacker typing on an Apple MacBook laptop, which shows code on its screen.

Hackers have devised a new, deceptive method to trick users into installing a malware named ClickFix, according to cybersecurity firm Proofpoint. The scheme involves enticing users with fake solutions to common errors in popular services such as Chrome, OneDrive, and Microsoft. Once users download and execute these "fixes" by clicking the Copy fix button, they unwittingly run a PowerShell or a Windows Run dialogue command that compromises their systems.

This dialogue installs a "root certificate" to flush the DNS cache, remove the clipboard content, show a fake message, and install an additional remote PowerShell script that does an anti-VM check before the info-stealer is installed. Various hacker groups, including those responsible for ClearFake, allegedly use this method. Proofpoint details how hackers exploit jeopardized sites by incorporating a malicious script handed over by Binance's Smart Chain contract on the blockchain to spread malware and infect susceptible Windows computers.

Read more
Sorry, Microsoft — I don’t want Copilot+ reading my DMs yet
Microsoft introducing the Recall feature in Windows 11.

Microsoft is kicking off a new era of PCs -- the Copilot+ era. It's a new category of device designed and built around AI, and the key selling point of a Copilot+ PC is the new Recall feature. I'm not quite on board with it yet, however.

Recall is a collection of several small language models that run on your device all the time. These models track everything you do, from messages and emails you send to where you navigate within Windows 11. And, as the name suggests, Copilot can recall this information whenever you need it, using it as bedrock context for how you interact with your PC.

Read more