What the Tech? FBI Warns of USB Drives Arriving in Mailboxes
Do you think you can spot a scam? Even the savviest online shopper may fall for a tactic the FBI is warning people about.
A letter arrives in your mailbox that appears to be from a company you’ve done business with. Inside the envelope is a message thanking you for your business and says due to your support and patronage, the company has included an Amazon or Best Buy gift card.
It also includes a very small USB device which, the letter states, you should insert into a computer to claim your gift card.
The FBI issued a warning to businesses and individuals that cyber-criminals are using this tactic now to trick people into loading dangerous malware on their computers.
The FBI alert, first noticed by the folks at Bleeping Computer states the bureau has identified a cyber-crime organization named FIN7 to have sent the ‘BadUSB” drives with a brand name “LilyGo”.
The drives have been known to install ransomware on computers which locks the hard drives from being used. Cyber-criminals then issue the computer owner a ransom note, instructing them to pay money in Bitcoin to gain full access to their computer.
Malicious USB drives may also install keylogger software that records every keystroke and sends it back to the criminal.
What’s disturbing about these USB drives is how fast they work. The instant it is inserted into the computer, the software can open and install somewhere on the hard drive.
The FBI notified some businesses that the drives are delivered by the United States Postal Service and UPS, further hinting to the receiver that the letters are on the up-and-up.
Physical evidence of cyber-criminal activity is rare and the FBI has instructed any business or individual receiving the letters to treat the contents with care as they might contain evidence in the form of fingerprints that could help investigators track the perpetrators.
If you receive a suspicious USB drive you’re asked to contact the nearest FBI Field Office and send an email to tips.fbi.gov