Residents in Victor Harbor are being urged to immediately throw away mysterious USB drives appearing in their letterboxes.
Local community members reported finding the unsolicited thumb drives accompanied by a note instructing them to read “chapter 11” of a document stored on the drive. While local discussions suggest the files may contain religious texts, authorities warn that curiosity is exactly what cyber criminals exploit. Under no circumstances should these devices be plugged into a computer or any other device.
A Classic “Social Engineering” Trap
Dropping unmarked USB drives into mailboxes or leaving them in public spaces is a well-documented tactic known as social engineering. Scammers intentionally leverage human curiosity or a desire to be helpful to trick people into compromising their own security.
Cybersecurity experts warn that plugging an untrusted drive into your computer exposes you to severe digital and physical risks:
- Malware and Info-Stealers: Rogue drives can silently install malicious software designed to log keystrokes, steal banking passwords, and harvest personal data.
- Ransomware: The files can trigger malicious code that completely locks you out of your computer, holding your irreplaceable photos and personal files for ransom.
- Hardware Destruction: Some malicious drives act as “USB Killers,” engineered to send a surge of electrical power that physically fries your computer’s motherboard the moment it is inserted.
What To Do If You Find One
Even simply opening a folder to see what is on an unmarked drive is enough to trigger a malicious payload. If you find an unsolicited USB drive in your letterbox, cyber safety experts recommend the following steps:
- Do not plug it in: Avoid inserting the device into your home, work, or public computers under any circumstances.
- Dispose or report it: Throw the drive directly into the bin, or hand it in to your local police station so law enforcement can track the campaign.
- Report the scam online: You can help protect the wider community by reporting the incident to Scamwatch or the Australian Signals Directorate.
