If you happen to receive a letter from Best Buy that comes with a free USB drive inside of it, don’t rejoice just yet. This is because according to a report from Trustwave, it seems that these USB drives are filled with malware that could hijack your computer if you were to insert it into your PC.
According to the report, the letter contains a message from Best Buy thanking the person for being a regular customer. It also includes a $50 gift card and a USB drive, which according to the message contains a list of products that customers will be able to use with gift card with, which is how the attackers trick people into inserting it into their computers.
To check what the USB drive does, the researchers plugged it into an air-gapped computer and sure enough, it contained malicious code. As the researchers note, due to the computers inherently trusting keyboards by default, it did not seem to raise any red flags when the drive was plugged in (the drive was designed to emulate a keyboard), thus allowing the code on the drive to be executed.
It is unclear how widespread this scam is, but if you do receive one of these letters in the mail, it’s probably not a good idea to plug that drive into your computer. Alternatively, if you want to be extra sure, you could always give Best Buy a call to double check.