In addition to being a children’s picture book author, I also own a 21 year-old marketing business specializing in the wholesale distribution of promotional products (logoed merchandise). Needless to say, receiving a sample of this nature would be fairly commonplace, especially since we sell imprinted USB drives to our clientele – except the package was addressed to me personally and not to my promotional products business, Tagsource, LLC. The mailing label also had my home phone number on it – a number that is never given out by me or anyone on my staff. That mere fact alone probably saved me from throwing the USB drive into the company sample bin or a desk drawer, or worse yet, letting curiosity get the better of me enough to plug it in to see what was on it.
So, I did a little research on this little USB, and discovered that the “probability” is high that the device has an autorun feature installed on it, malware or other potential virus. Plug it in and your laptop or desktop could be fried, or you may even expose yourself to identity theft. While I can’t be sure that this particular drive is part of a scam, I’m posting several links below which cause me a great deal of concern. Any additional shared insight from other promotional products professionals would be great. This is definitely something we should start talking about within the promotional products industry as a whole. Note that I have sent a tip to the FBI about the device I received. I will let you know if I hear back from anyone there about any known cyber attacks with USB Drives being sent via the USPS from China.
Perhaps maybe our days of reselling imprinted USB drives should be over?
http://www.slate.com/articles/technology/technology/2010/10/dont_stick_it_in.html
https://www.reddit.com/r/sysadmin/comments/1ozisp/this_suspicious_little_usb_device_that_our_it_got/
http://www.wired.com/2014/10/unpatchable-usb-malware-now-patchsort/
http://www.ucs.cam.ac.uk/support/windows-support/winsupuser/usbinfections
http://magazine.promomarketing.com/blog/yes-we-should-be-scared-about-bad-usb-drives-dale-denham
Tonia Allen Gould/CEO
Tagsource, LLC
#USBSCAM
Update: We took the liberty of querying one of our USB Drive suppliers, iClick, about the security risk. Here’s their response on the matter:
From: Jacquie Little [mailto:jacquiel@iclick.com]
Sent: Wednesday, August 26, 2015 2:21 PM
To: kelley@tagsource.com
Cc: TJ Vail
Hi Kelley,
Thanks for sending this our way. We have been aware of these types of scams and our solution to combat was to provide a sealed security packaging for all of our USB drives. See the specs attached. This may be something you would like to share with your team. It’s another element of our commitment to product safety and protecting our customer’s from potential hazards associated with USB distribution.
If you have any questions or further concerns, please let me know how I can assist.
Thanks for reaching out and have a great day.
—
Jacquie Little
Decorate and Customer Resolutions Lead / iClick
