What the Tech: gift card scam

Do you think you can spot a scam? Even the most savvy online shopper can fall for a tactic that the FBI is warning people of.

A letter arrives in your mailbox that appears to be from a company you have done business with. Inside the envelope is a message thanking you for your business and stating that due to your support and patronage, the business has included an Amazon or Best Buy gift card. It also includes a very small USB device that, according to the letter, you need to insert into a computer to claim your gift card.

The FBI has warned businesses and individuals that cybercriminals are now using this tactic to trick people into loading dangerous malware onto their computers.

The FBI alert, first noticed by employees of Bleeping Computer, indicates that the office identified a cybercrime organization named FIN7 for sending “BadUSB” drives with the brand name “LilyGo”.

Drives are known to install ransomware on computers, which prevents the hard drives from being used. The cybercriminals then send the computer owner a ransom note, asking them to pay Bitcoin money to gain full access to their computer. Malicious USB drives can also install keylogger software that logs every keystroke and sends it back to the criminal.

What is troubling about these USB drives is their speed of operation. As soon as it is inserted into the computer, the software can open and install itself somewhere on the hard drive.

The FBI has informed some companies that readers are delivered by the United States Postal Service and UPS, further hinting to the recipient that the letters are on the rise.

Physical evidence of cybercrime activity is scarce, and the FBI has asked any company or person receiving the letters to treat the content with care as it may contain evidence in the form of fingerprints that could help investigators locate the perpetrators. .

If you receive a suspicious USB drive, you are prompted to contact the nearest FBI field office and send an email to tips.fbi.gov

Michael N. Clark