Don’t Fall for this USB Drive Scam from China


USB Drive

USB Drive Received in the Mail

I definitely want to put this out to the masses – especially to people in my network within the promotional products industry. In my regular USPS mail, I received a key chain USB Drive that was packed-out in a small padded envelope. The product was addressed from Factory A, on Ground Floor Gee, Gang Ind Bldg., No 108 Lok Shange Road, Tokwawan KowLoon J-BSJ. Nothing else was inside the package but the device itself.

In addition to being a children’s picture book author, I also own a 21 year-old marketing business specializing in the wholesale distribution of promotional products (logoed merchandise). Needless to say, receiving a sample of this nature would be fairly commonplace, especially since we sell imprinted USB drives to our clientele – except the package was addressed to me personally and not to my promotional products business, Tagsource, LLC.  The mailing label also had my home phone number on it – a number that is never given out by me or anyone on my staff. That mere fact alone probably saved me from throwing the USB drive into the company sample bin or a desk drawer, or worse yet, letting curiosity get the better of me enough to plug it in to see what was on it.

So, I did a little research on this little USB, and discovered that the “probability” is high that the device has an autorun feature installed on it, malware or other potential virus. Plug it in and your laptop or desktop could be fried, or you may even expose yourself to identity theft. While I can’t be sure that this particular drive is part of a scam, I’m posting several links below which cause me a great deal of concern. Any additional shared insight from other promotional products professionals would be great. This is definitely something we should start talking about within the promotional products industry as a whole. Note that I have sent a tip to the FBI about the device I received. I will let you know if I hear back from anyone there about any known cyber attacks with USB Drives being sent via the USPS from China.

Perhaps maybe our days of reselling imprinted USB drives should be over?

http://www.slate.com/articles/technology/technology/2010/10/dont_stick_it_in.html

http://www.dailymail.co.uk/sciencetech/article-2997401/The-killer-USB-FRIES-laptops-Malicious-drive-uses-high-voltage-destroy-computer-s-circuit-board.html

https://www.reddit.com/r/sysadmin/comments/1ozisp/this_suspicious_little_usb_device_that_our_it_got/

http://www.wired.com/2014/10/unpatchable-usb-malware-now-patchsort/

http://www.ucs.cam.ac.uk/support/windows-support/winsupuser/usbinfections

http://magazine.promomarketing.com/blog/yes-we-should-be-scared-about-bad-usb-drives-dale-denham

Tonia Allen Gould/CEO

Tagsource, LLC

www.tagsource.com

#USBSCAM

biobag_specsUpdate:  We took the liberty of querying one of our USB Drive suppliers, iClick, about the security risk.  Here’s their response on the matter:

From: Jacquie Little [mailto:jacquiel@iclick.com]
Sent: Wednesday, August 26, 2015 2:21 PM
To: kelley@tagsource.com
Cc: TJ Vail

Hi Kelley,

Thanks for sending this our way. We have been aware of these types of scams and our solution to combat was to provide a sealed security packaging for all of our USB drives. See the specs attached. This may be something you would like to share with your team.  It’s another element of our commitment to product safety and protecting our customer’s from potential hazards associated with USB distribution.

If you have any questions or further concerns, please let me know how I can assist.

Thanks for reaching out and have a great day.


Jacquie Little
Decorate and Customer Resolutions Lead / iClick

Custom Ninja USB Drive produced by Tagsource.com