This week’s scam comes from the FBI, which has been tracking a series of scams involving USB devices. When these devices are plugged into a computer system, it automatically injects a series of keystrokes to download and execute a malware payload. NEVER plug in an external drive of unknown origin to your computer.
According to the FBI, different industries have been hit with these scams throughout 2021, including the US defense industry, transportation, and insurance industries, and even retail businesses, restaurants, and hotels.
Businesses receive these USB devices through the mail, accompanied by fictitious letters purporting to be from the US Department of Health and Human Services (HHS) and providing information on COVID-19 guidelines, or as fake gifts with forged Amazon thank you cards and counterfeit gift cards.
What else has been reported to email@example.com over the holiday break?
- Job Offer – a continuation of what we saw the week before, a too good to be true part-time job opportunity
- Campus Update – same as above…….
- Job Alert – same as above……. the scammers were persistent!
- [Ext] Have your subscription details here – the bad guys were tired of trying to do Norton auto-renewals, so this one was for Mcafee.
- [Ext] INVOICE No. OCRX01052022 – and then they went back to Norton for the auto-renewal scam
- Email Verification – a scam advising the recipient they have 24 hours to update their University of Tennessee Knoxville password before it expires. Signs it is was a scam was it came from a student’s email address and the “Click Here” link went to a Google docs site, not UTK.
Keep reporting suspicious emails to firstname.lastname@example.org for examination and any other inquiries for the Office of Cybersecurity should be directed to email@example.com. Remember that widespread phishing emails will also be reported to the Phishbowl.