Protect yourself against counterfeit USB drives

Sam Foster
Wednesday 28 September 2022

Before OneDrive for Business, many opted to use USB drives to store their files. As they’re light, easy to carry, and have a decent storage capacity, they’re still used today.

USB drives used in cyber attacks

Cyber criminals use USB drives, alongside emails, to distribute malware and gain access to personal devices. The hacker will store a virus on a USB drive and either place it in a busy location or they may mail it to you. Once someone inserts the USB drive into their device, malware would infect the device and the hacker would take over.

Cyber criminals may also redirect you to a phishing website and encourage you to enter your personal information.

Real life example

A Microsoft retiree received an engraved counterfeit USB drive offering free Microsoft Office. The hacker designed the USB drive to install malicious software when plugged in. The software encouraged the user to call a fake support line and handover access to their PC.

Use of USB drives at the University

While OneDrive for Business is the preferred option, some users may still opt for USB drives. If this is the case, see the Information Classification policy implementation guide. Follow the guidance on portable storage devices when using your USB drive. This will help to protect the stored data if damaged, lost, or stolen.

If you need an encrypted USB drive, see our staff IT purchasing webpage.

What can you do to protect yourself?

Never plug in unknown USB drives

Do not plug unknown USB drives into your computer in an attempt to find the owner. If you find a lost USB drive, hand it to the IT Service Desk who will investigate further.

Keep your devices up to date

Ensure your devices are up to date with the latest patches, especially operating system updates. These contain critical security fixes to help keep your device, your data, and the University safe. For more information on the importance of updates, see our blog post.

Use anti-virus

Install anti-virus software on all your devices and keep it up to date. The University supplies a free copy of F-Secure anti-virus to all staff and students. For more information on installing F-Secure, visit the IT security webpages.

If you have any further questions, contact IT Services at [email protected].

Subscribe to the IT Services blog

Enter your email address to subscribe to this blog to receive notifications of new posts.