Cybercriminal groups have recently attempted to hack US companies by mailing them malicious USB drives.
According to reports given to the FBI, a group of insurance, transportation, and defense companies recently received a series of fake letters, sent via the US Postal Service and UPS, impersonating the Department of Health and Human Services (HHS) and, in some cases, Amazon.
Packages imitating HHS are often accompanied by letters referencing COVID-19 guidelines and include a LilyGo USB. Those imitating Amazon arrived in a decorative gift box containing a fraudulent thank-you letter, a counterfeit gift card, and a LilyGo USB.
Should you receive any packages or letters from Amazon or HHS containing USB drives, DO NOT insert the drive into your computer, as this will give the hacking group access to your organization’s networks, where they can deploy ransomware. The FBI is asking all organizations that receive a package from the hacking group to “handle it with care to preserve DNA and fingerprints that may be obtainable from the package.”
Remember, you should only open files or USB drives that you were expecting. When in doubt, follow up with the sender directly to ensure the attachments/USB drives came from a trusted source and are not malware.
Here are some additional resources on this topic for your review:
- FBI warns cybercriminals have tried to hack US firms by mailing malicious USB drives – CNN
- FBI Warning! Hackers Mail Malicious USB Flash Drives to Spread Ransomware – Tech Times
- ALERT: USB Drives with COVID-19 Info May Seem Useful But FBI Says Be Wary – ClearanceJobs
Lastly, REALTORS® are encouraged to use this cybersecurity checklist from the National Association of REALTORS® (NAR). Because data protection and cybersecurity laws differ across the country, NAR recommends that you work with an attorney licensed in your state to help you develop cybersecurity-related programs, policies, and materials.