My friend John reminded me of a security warning I’d seen last fall but had forgotten about. Hackers leave a few USB drives laying around, often in parking lots of large companies. Employees walking into the building find the USB drives and think, “cool, a free USB drive.”
Guess what really happens? The clueless user plugs the USB drive into his or her computer, a virus runs automatically upon connection, and that user now has a keylogger Trojan running. If the hackers are clever, and they usually are, the user will never see any warning messages from their computer.
After talking to the Mystery Writers a week ago, all I could think of when reminded about this was what a great plot device it is. It only takes one clueless user to fall for the trick, and the hacker gets access to the company network without stepping foot inside the building or hacking from outside.
USB drives are cheap. Getting a free security hole opened for business espionage is priceless. Warn your users to treat “free” USB drives the same way they treat attachments in spam: delete without opening.