A woman in front of some computers.

Tech support scammers target Microsoft users with fake Office 365 USB sticks

Microsoft is a hot target for scammers and acts of fraud. For example, tech support scam websites cover themselves in Windows branding and messages. Phone scammers claim to be calling directly from Microsoft. If it’s not a Bill Gates themed lottery spam mail in your mailbox, it’s a fake Excel spreadsheet laden with dangerous Macros.

Well, Microsoft is now issuing a warning related to a recent scam riding on the coat-tails of their branding. Criminals are producing very slickly designed physical boxes made to look like Microsoft products. The boxes say “Microsoft Office Professional Plus” on the front, along with “product key inside – no disc” at the bottom.

Opening the box reveals a solitary USB stick and a product key. This is about to go as horribly wrong as you’d expect.

Why mysterious USB sticks are probably not your friend

We’ve warned at length about the dangers of plugging random USB sticks into your device. Whether a stranger has given you it in the street as part of a giveaway, or you found it on the floor, or even received it at an event, there’s an element of risk involved.

You simply do not know what lurks on the stick if someone else has used it first. Of course, some fancy Microsoft branding and a large box will work wonders on the “please trust my fancy Microsoft box” front. Some sort of promotional copy of an otherwise expensive document editing tool? Even better.

What happens if someone is unfortunate enough to plug it in?

What’s in the box?

Sadly, people expecting a freebie Office Professional Plus do not receive what they were expecting. What actually happens is victims see a popup for a fake tech support line. Phoning the number is a short step to handing over remote control to the scammers.

Based on the typical tactics, the scammers will install a form of remote access software onto the target PC. At this point, they can pretty much do what they want. Do you have bank details stored on a notepad on your desktop? They can just open it up and take it. Will they install some dubious software or even malware to get up to who knows what? They might, and the victim would probably be none the wiser.

If they stick to the whole “here’s a product of some sort” angle, they may well just ask the victim to make a payment of some sort over the phone. Whatever the end-game, it’s not going to benefit the person sitting in front of their computer.

It’s pretend virus time

In this particular instance, the fake Microsoft outfit went with the “You have a virus, call us” approach. They did indeed attempt to install remote access software. Once the non-existent problem was “solved”, the victim was passed over to a phony Office 365 subscription team.

Microsoft has pointed out that this isn’t a very common tactic. While it has happened in the past, you shouldn’t start living in fear of novelty oversized Microsoft boxes landing on your doorstep to ruin your day.

Should you receive a novelty oversized Microsoft box, don’t panic. Check out Microsoft’s list of tips for staying safe where Microsoft-centric tech support scams are concerned. Report the box directly to Microsoft’s technical support scam reporting page. If there’s anything suspicious, you’ll have some steps to follow and hopefully a safe and timely resolution to follow. Either way: do not plug the USB stick into your computer and you’ll be fine.


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.