Tech support scammers target Microsoft users with fake Office 365 USB sticks

Microsoft has issued a warning to customers after discovering that threat actors are using their brand to defraud and exploit people in a variety of ways…

Instances identified by Microsoft have included fake tech support phone calls and emails, and Bill Gates-themed lottery spam mail with Excel spreadsheets containing malicious macros.

A more recent concern involved threat actors producing imitations of Microsoft products. One package appeared to be manufactured to a convincing standard and contained an engraved USB drive alongside a product key.

Upon connecting the USB to a device, rather than the advertised software from Microsoft, the victim saw a popup for a fake tech support line. According to Martin Pitman, a cybersecurity consultant for Atheim, a warning screen appeared saying there was a virus and encouraged the user to get help to fix the issue by calling ‘support’.

Should the number be called, the fake helpdesk was reported to have installed a remote access trojan (RAT) and taken control of the device.

Baiting attacks are not new. They target specific victims and, for various reasons, rarely use postal packages.

However, in this case, the threat actors, who are suspected to be operating from the UK, targeted random people using postal packages.

Such targeting may seem inefficient, but if you send out a thousand counterfeit Microsoft Office packages and steal money from, or exploit, a few dozen people, the act will quickly pay for itself.

Moreover, it could be more efficient than sending out millions of fraudulent emails, as individuals become more vigilant about email scammers.

Overall, Microsoft is aware of the issue but says it is a rare occurrence. However, it is common enough for Microsoft to be mindful of it and to launch an internal investigation.

In the interim, the company has resorted to distributing software via the internet and has advised customers to visit the appropriate Microsoft support page to find out how to avoid fraud and scams.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.
