If you receive suspicious software, on a USB drive or on any media, ALWAYS assume that it could be malicious and always report it to your organization to ensure that it is safe.
Just when you thought scammers couldn’t get more tricky in their attacks, this example will prove you wrong.
From Robert Pooley’s (with Saepio Information Security) LinkedIn post on a recent security lapse for this person handling an unknown and unexpected USB drive:
As you can see, the “Microsoft” USB drive and the packaging looks VERY official. Like a USB device, you might receive from Microsoft in the mail. Unfortunately, the USB was plugged into the victim’s computer and then a ransomware attack officially launched.
This should be a valuable learning lesson for anyone that receives something suspicious in the mail, especially something that may have software on it – ALWAYS assume that it could be malicious and always report it to your organization to ensure that it is safe.
Remember to Think Before You Click (or insert an unknown or unexpected USB device)!
For additional information, check out our Fraud Resources page at https://richwoodbank.com/fraudresources/.
Stay safe out there,
Richwood Bank IT Chief Information Security Officer/SVP