You’re walking through the office parking lot and find a USB stick labeled “Payroll” or “Confidential.” Would you plug it in to see what’s inside?
That’s exactly what cybercriminals hope you’ll do.
This tactic, known as a USB drop attack, relies on human curiosity. Once inserted, the USB can auto-run malware that steals data, installs ransomware, or opens backdoors.
🎯 Why It Works:
People assume USBs are safe
Some systems auto-execute files on insertion
It exploits curiosity, not code
🛡️ How to Stay Safe:
Never plug in unknown USB devices — even if they look legitimate
Disable auto-run and auto-play features on all systems
Use endpoint protection software with USB monitoring
Report any suspicious USBs to your IT/security team
Provide security training that includes USB baiting scenarios
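As an added example (not part of the original post), the PowerShell script below audits the "disable auto-run and auto-play" step on a Windows machine and, when run with `-Enforce`, sets it. It assumes Windows and an elevated session; the registry values it checks are the standard Explorer policy settings, which the post itself does not name.

```powershell
# Added example: audit (and optionally enforce) the machine-wide AutoRun policy.
# Assumption: Windows host; -Enforce writes to HKLM and needs an elevated session.
param([switch]$Enforce)

$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Desired state: value name -> DWORD data
$desired = [ordered]@{
    NoDriveTypeAutoRun = 0xFF   # disable AutoRun on every drive type
    NoAutorun          = 1      # do not execute autorun.inf commands
}

$report = foreach ($name in $desired.Keys) {
    # A missing key or value yields $null, which counts as non-compliant
    $current = (Get-ItemProperty -Path $explorerPolicy -Name $name `
                    -ErrorAction SilentlyContinue).$name
    $compliant = ($null -ne $current) -and ($current -eq $desired[$name])

    if (-not $compliant -and $Enforce) {
        if (-not (Test-Path $explorerPolicy)) {
            New-Item -Path $explorerPolicy -Force | Out-Null
        }
        New-ItemProperty -Path $explorerPolicy -Name $name `
            -Value $desired[$name] -PropertyType DWord -Force | Out-Null
        $current   = $desired[$name]
        $compliant = $true
    }

    [pscustomobject]@{
        Value     = $name
        Current   = if ($null -eq $current) { '<not set>' } else { $current }
        Expected  = $desired[$name]
        Compliant = $compliant
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code lets a compliance job flag machines that still allow AutoRun
if ($report.Compliant -contains $false) { exit 1 }
```

On domain-joined machines the same settings are normally pushed through Group Policy, so a script like this is best used as a spot check.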
💡 Quick Tip:
🔌 Treat unknown USBs like suspicious links — never trust, always verify.