This is the lamest Microsoft Office security threat we've ever seen - but people will still fall for it

Microsoft Office
(Image credit: Shutterstock / monticello)

Many cybersecurity attacks are often highly-developed, well thought-out schemes that look to get the better of victims through skilled programming and malware deployment - but sometimes you just want to go the simple route.

A new scam has been uncovered that uses the incredibly low-tech technique of sending a USB flash drive through the post in the hope that unsuspecting victims will plug it in.

The USB drive claims to be carrying a version of Microsoft Office Professional Plus, but in fact carries scamming software, which once installed on a victim's PC, tricks them into calling a fake support line and handing over bank details.

Microsoft Office USB

The packages, which featured legitimate-looking Microsoft Office branding including an engraved USB drive and product key, were reported by Martin Pitman, a cybersecurity consultant for security firm Atheniem. 

He told Sky News that his mother had alerted him to the delivery arriving at the home of a retired friend. This man was in the middle of trying to "install" whatever was on the USB drive, which had prompted him to call a support line which was asking for his personal details.

Microsoft Office USB drive malware scam

(Image credit: Martin Pitman)

In this case, after plugging in the USB drive, a warning appeared saying that a virus had been detected, and to call a toll-free number to get this removed. However doing so passed the victim through to the scammers, who pretended to remove the "virus" before looking to complete the subscription process by taking the victim's payment details.

Microsoft has confirmed that the packages are not genuine, telling Sky News that the scam is becoming sadly common as criminals look for new ways to defraud victims.

"Microsoft is committed to helping protect our customers. We take appropriate action to remove any suspected unlicensed or counterfeit products from the market and to hold those targeting our customers accountable," a company spokesperson said.

"We'd like to reassure all users of our software and products that Microsoft will never send you unsolicited packages and will never contact you out of the blue for any reason."

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.