ZDNET reported today that Trustwave was called in when scammers sent a hospitality provider a fake thank you for being a Best Buy customer letter with an attached USB stick. This is an old one and known as “Bad USB Attack.” You can find this in our library of social engineering modules. The kind letter and gift had instructions to install and was signed by a phony customer relations rep. Of course the stick was a loaded malware package waiting to gush forth its nasty payload once an unsuspecting and curious employee inserted into a USB. Trustwave acting on behalf of the client tested on safe machine a and found it triggered keys strokes, a script and then a powershell script. Of course you wouldn’t fall for this either. Right?