Microsoft has confirmed to Sky News that criminals are posting counterfeit packages designed to appear like Office products in order to defraud people.
One such package seen by Sky News is manufactured to a convincing standard and contains an engraved USB drive, alongside a product key.
But the USB does not install Microsoft Office when plugged in to a computer. Instead, it contains malicious software which encourages the victim to call a fake support line and hand over access to their PC to a remote attacker.
Microsoft launched an internal investigation into the suspect package after being contacted by Sky News.
The company spokesperson confirmed that the USB and the packaging were counterfeit and that they had seen a pattern of such products being used to scam victims before.
They added that while Microsoft had seen this type of fraud, it is very infrequent. More often when fraudulent products are sold they tend to be product keys sent to customers via email, with a link to a site for downloading the malicious software.
“Microsoft is committed to helping protect our customers. We take appropriate action to remove any suspected unlicensed or counterfeit products from the market and to hold those targeting our customers accountable,” the spokesperson said.
How does the fraud work?
Martin Pitman, a cybersecurity consultant for Atheniem, recovered the fraudulent USB and package after his mother called him when she was at another person’s…
