Skip to main content
  1. Home
  2. Computing
  3. News

Don’t fall for this devious new Microsoft Office scam

Add as a preferred source on Google

With packaging looking legitimate enough at first glance, scammers are sending out fake Microsoft Office USB sticks — loaded with ransomware — to individuals.

As reported by Tom’s Hardware and PCMag, the USBs are sent out to randomly selected addresses in the hopes of convincing targets that they inadvertently received a $439 Office Professional Plus package.

A package with a fake Microsoft Office USB stick.
Image source: Martin Pitman/LinkedIn/Tom’s Hardware Image used with permission by copyright holder

Alongside the bogus USB stick, a product key is also included. However, plugging the USB stick into a system directs the user toward calling a fake customer support line as opposed to an actual launch installation window for Office.

Recommended Videos

Once connected to the fraud support line, the threat actors attempt to install a remote access program in order to breach and control the target’s PC.

Cybersecurity consultant Martin Pitman confirmed the scam’s existence when his mother called him regarding the package. Because she tried to install what she thought would be Office programs, Pitman was able to get an insight into how the scheme operates.

An alert of a virus is presented to the victim when the USB is plugged in, prompting the user to call a support number. “As soon as they called the number on screen, the helpdesk installed some sort of TeamViewer (remote access program) and took control of the victim’s computer,” he said to Sky News.

Disguised as a Microsoft customer support technician, the individual on the other end of the phone would also ask for payment details.

As highlighted by Tom’s Hardware, postal packages schemes are not among the usual tactics used by criminals. But with the increasing awareness of email scams, it seems scammers are now reverting to sending out physical products.

Microsoft, which has launched an internal investigation into the matter, said it has seen such methods being used in the past, but they’re not widespread.

Robert Pooley, who works as a director at U.K.-based cybersecurity firm Saepio, brought attention to the counterfeit Microsoft Office USB strategy in July. “Quite the scam. Shows how important cyber awareness is at work and home,” he said via a LinkedIn post.

In a similar case that occurred in 2020, security company Trustwave found counterfeit USB sticks, disguised as a Best Buy $50 gift card promotion, were being sent to unsuspecting targets.

Zak Islam
Former Contributor
Zak covers the latest news in the technology world, particularly the computing field. A fan of anything pertaining to tech…
What is Copilot? Everything you need to know about Microsoft’s AI assistant
There’s a Copilot for almost everything now. Here’s which one you need
Microsoft Copilot Banner Featured

Microsoft has attached the Copilot name to so many products that a simple question like "What is Copilot?" now needs a little more context. There is the main Microsoft Copilot chatbot, Copilot inside Microsoft 365, GitHub Copilot for developers, Gaming Copilot for Xbox users, and a separate category of Windows laptops called Copilot+ PCs.

For most people, Microsoft Copilot means the company’s general-purpose AI assistant. So you'd expect it to answer questions, search the web, generate and edit images, and the rest of the usual AI chatbot features. You can access it through a browser or dedicated apps for Windows, macOS, Android, and iOS. It is also integrated into Microsoft Edge, the Xbox mobile app, and Game Bar on Windows 11.

Read more
I tried to parody the most absurd AI products, but the tech industry beat me to it
The joke was supposed to be that every household object gets cameras, AI insights, and a premium tier. Apparently, that’s now a business plan
Imaginary AI products

I wanted to invent an AI product so silly that no founder could turn it into a seed round.

It had to solve a problem nobody had, collect far more data than the problem deserved, and turn normal behavior into an insight that sounded vaguely disappointed in its owner. Somewhere around the third feature, it would ask for a subscription.

Read more
I spent a fortune on a Copilot+ PC, and I’ve barely ever touched Microsoft’s AI
Microsoft needs to give Copilot+ PC owners a reason to use Copilot
Copilot

There is a dedicated Copilot key on my ASUS Zenbook 14 OLED. Months after buying the laptop, it may be one of the least important keys on the entire keyboard. My Zenbook UM3406 runs on AMD’s Ryzen AI 300 series processor, complete with a dedicated NPU offering up to 50 TOPS of AI performance. That qualifies it as a Copilot+ PC, which makes it a part of what Microsoft once described as the new era for Windows.

AI is already a regular part of my workday. I use it for research, brainstorming, and working through ideas. But rather than relying on something built into the Windows OS, I've relied on the likes of ChatGPT, Claude, and Gemini.

Read more