Skip to main content

Don’t fall for this devious new Microsoft Office scam

With packaging looking legitimate enough at first glance, scammers are sending out fake Microsoft Office USB sticks — loaded with ransomware — to individuals.

As reported by Tom’s Hardware and PCMag, the USBs are sent out to randomly selected addresses in the hopes of convincing targets that they inadvertently received a $439 Office Professional Plus package.

A package with a fake Microsoft Office USB stick.
Image source: Martin Pitman/LinkedIn/Tom’s Hardware Image used with permission by copyright holder

Alongside the bogus USB stick, a product key is also included. However, plugging the USB stick into a system directs the user toward calling a fake customer support line as opposed to an actual launch installation window for Office.

Once connected to the fraud support line, the threat actors attempt to install a remote access program in order to breach and control the target’s PC.

Cybersecurity consultant Martin Pitman confirmed the scam’s existence when his mother called him regarding the package. Because she tried to install what she thought would be Office programs, Pitman was able to get an insight into how the scheme operates.

An alert of a virus is presented to the victim when the USB is plugged in, prompting the user to call a support number. “As soon as they called the number on screen, the helpdesk installed some sort of TeamViewer (remote access program) and took control of the victim’s computer,” he said to Sky News.

Disguised as a Microsoft customer support technician, the individual on the other end of the phone would also ask for payment details.

As highlighted by Tom’s Hardware, postal packages schemes are not among the usual tactics used by criminals. But with the increasing awareness of email scams, it seems scammers are now reverting to sending out physical products.

Microsoft, which has launched an internal investigation into the matter, said it has seen such methods being used in the past, but they’re not widespread.

Robert Pooley, who works as a director at U.K.-based cybersecurity firm Saepio, brought attention to the counterfeit Microsoft Office USB strategy in July. “Quite the scam. Shows how important cyber awareness is at work and home,” he said via a LinkedIn post.

In a similar case that occurred in 2020, security company Trustwave found counterfeit USB sticks, disguised as a Best Buy $50 gift card promotion, were being sent to unsuspecting targets.

Editors' Recommendations

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Apple Mac mini M2 buying guide: don’t make this mistake
The M1-powered Mac Mini.

Apple's M2 Mac mini brings a long-awaited update to one of the best desktop computers you can buy. Although it's an impressive machine overall, you have to pay close attention when configuring one.

Choosing the wrong parts can result in a Mac mini that's much slower than it should be. We're here to help you choose the ideal configuration for your budget, as well as steer you away from some performance pitfalls with cheaper models.
Here's the M2 Mac mini

Read more
I switched to an AMD GPU for a month — here’s why I don’t miss Nvidia
RX 7900 XTX slotted into a test bench.

AMD's RX 7900 XTX currently tops Digital Trends' list of the best graphics cards. But there's more to a GPU than just performance testing and benchmarks, and some of those things can't be discovered until you live with a piece of tech day in and day out.

So, I figured it was high time to put my proverbial money where my mouth is by using AMD's card every day in my own PC. And a month later, I'm happy to report that aside from some minor hiccups, I don't miss Nvidia as much as I thought I would.
4K flagship performance

Read more
Microsoft Teams Premium uses AI to automatically recap your meetings
Three women in a Microsoft Teams meeting.

Microsoft has just made Teams Premium available for a short time. The preview will allow Microsoft's customers to test out some of the new features that won't be widely available for a while yet.

A few interesting features are making an appearance during this short trial run, including the ability to add custom branding to meetings, live translated captions, and meeting recaps prepared by artificial intelligence (AI).

Read more