Risks of using USB drives
USB drives are very useful and convenient for storing and sharing files, but they can also be used by cybercriminals to spread malware or steal information.
Ways a malicious USB can harm your device
A USB could be used to harm your device by:
- automatically installing malware or ransomware, sometimes without you being notified.
- recording your keystrokes and capturing login details.
- allowing attackers to gain remote access to your device or network.
Common tactics used in USB scams
Attackers may:
- leave infected USB drives in public places, hoping someone will pick one up and plug it into their device. The USBs often contain malicious software designed to infect the device and steal or compromise data.
- distribute giveaway USB drives that contain secret malware at events or by mail.
- exploit lost or stolen USB drives that contain sensitive data. If contents are accessed it may lead to identity theft, corporate data breaches or other security incidents.
How to protect yourself
- Never plug in unknown or found USBs.
- If you find a USB, hand it in to the UQ Security Team, Prentice Building 42, level 1.
- Only use USBs from trusted and reputable sources.
- Where possible, use encrypted or secure USB drives that require passwords or passcodes to unlock.
- Keep your computer and antivirus software updated to block malware if an infected USB is connected.
It’s important you safely and securely manage your files. Learn more about safely storing different types of files by visiting Data at UQ.
What to do if you have fallen victim
Work devices
- Immediately alert the Cyber Security Operations Centre (CSOC) by reporting a cyber concern.
Personal devices
- Disconnect from the internet and run a full antivirus scan.
- If you entered login credentials, change your passwords immediately.
- If your financial information may be at risk, contact your bank immediately and report the incident.
- Report the incident to ACCC Scamwatch and seek help from IDCare if your personal information has been exposed.