The USB drive claims to be carrying a version of Microsoft Office Professional Plus, but in fact carries scamming software, which tricks a user to install a fake support line and handing over bank details.
While the idea sounds dumb, the packages feature legitimate-looking Microsoft Office branding including an engraved USB drive and product key.
The scam was spotted in the wild by Martin Pitman, a cybersecurity consultant for security firm Atheniem. His mum rang him after the package arrived at the home of a retired friend who was stuck in the middle of the install.
In this case, after plugging in the USB drive, a warning appeared saying that a virus had been detected, and to call a toll-free number to get this removed. However doing so passed the victim through to the scammers, who pretended to remove the "virus" before looking to complete the subscription process by taking the victim's payment details.
"We'd like to reassure all users of our software and products that Microsoft will never send you unsolicited packages and will never contact you out of the blue for any reason."
Yep, because there is zero reason for Microsoft to send anyone free software ever.