I saw this post on linkedin and was part disgusted, but also slightly admired the professionalism and thought that went into this scam.
An unsuspecting victim was sent a USB drive that for all intents and purposes looked like it came from Microsoft. The packaging and logo all looks legit. This is where people’s biases will come into play. If they plug it in and there’s a popup asking “Are you sure” then unless they’re a bit savvy or paranoid, most people will click yes, and proceed with installing whatever malware may be on the stick.
It’s something that most IT pro’s on here will be well-versed in knowing how to spot and avoid, but worth mentioning to friends and family. It’s one of those attacks that good awareness and healthy paranoia can prevent.