Skip to main content

Have you ever received a flash drive / USB as a free giveaway? Maybe you’ve been at a library, office space, or looked on the ground and found a left-behind flash drive.  Even if you’re curious to see what is on it – don’t plug it into your computer.

You may be surprised to know; these seemingly harmless storage devices can play a role in social engineering or human hacking. What is social engineering? KnowBe4 provides a great definition, “Social engineering is the art of manipulating, influencing, or deceiving you to gain control over your computer system. The hacker might use the phone, email, snail mail, or direct contact to gain illegal access.”

Be wary. The default on most devices is to auto-run a USB drive when it is plugged in. When this happens, if it is a compromised USB, you will essentially be giving a direct line to your systems for hackers to install viruses, obtain usernames and passwords, and even steal sensitive information like social security numbers.

In fact, cybercriminals can compromise any device you are plugging into your computer, even your wireless mouse. It is wise to pay attention to what you are linking to your computer and where the device has previously been.

That national park you visited most likely did not intentionally install malware on the USB they gave you for your audio driving tour; however, there is no telling who had access to it previously and what they placed on the device to attempt a social engineering attack.

Good cyber security practice is never to use a USB or other device for which you don’t have the entire history. It is always better to be cautious and buy a new flash drive instead of using a used or unknown one.

Curious to learn more about avoiding social engineering? Drop us a line at