The saying: “All that glitters is not gold” also applies to giveaways. The best example in this case would be the rather recent one of the mobile network provider O2 who sent USB pens as a giveaway to British business customers – which included a little ‘surprise’, namely a windows-specific virus.
The giveaway – and its potential impact
In O2’s case it was the business customers who had to bear the impact and repercussions of the virus. Although O2 did already alert them one day later via e-mail they still had to ensure that employees would not use the infected USB pens. In cases where it was already too late (come on, everyone likes to test out gifts like that asap!) computers need to be taken from the networks, data needs to be saved, and the PCs need to be cleaned. Employees who wanted to try the pens out in the quiet of their home have their hands full, too.
However, this damage is not always just limited to yourself. In the case of O2 the virus is more perfidious: If it infects computers which are used as web servers it also can – according to theregister.co.uk – affect the visitors of these web sites.
The offer of more or less attractive giveaways can be just another scam which is used by cybercriminals to gather private and/or business data. Depending on the possibilites the giveaway offers, a multitude of things can be implemented: Keyloggers, malware, Trojans, and even ransomware are just some of the examples that companies and people like you and I might have to deal with afterwards.
In an article from 2011 the Microsoft TechNet blog describes a test that shows that nothing – not even mice – are safe from being used for evil. The result was quite interesting, so read up on it if you find the time.
In a more recent study, Elie Burstein, team lead for Anti-Fraud and Abuse Research at Google discovered that not just giveaways can become harmful to companies and private citizens. His test was all about “lost” USB sticks, how many of them were picked up – and on how many of them the files placed on said sticks were opened. About 98 percent of all “lost” USB sticks were picked up and – alarmingly – about 45 percent of these sticks called home. This is equally dangerous for companies and private citizens.
Thus pay attention: All that glitters is not gold!