It has been reported that Engineering faculty have received unsolicited flash drives via mail. This may or may not be followed by direct emails. While it is unknown what these contain it is best to assume that these  are targeted attempts to get you to reveal personal information and/or install spyware/ransomware on your computers.

Please use secure computing guidelines and never plug in any USB drives, neither found nor delivered randomly (even if it has a fancy presentation).

In 2022 the FBI issued several warnings that hackers were sending malicious USB thumb drives via mail to companies hoping that recipients would use them and hence infect their computers and networks. At that time a hacker group, FIN7, was targeting communications companies and the USB drives contained auto-execute scripts and tools that would install ransomware which rendered the computer unusable. This mailware-by-mail campaign happens periodically and depends on our guard being down due to attention being given to more sophisticated attacks. So, please use this as a reminder and warning to be leary of random items like this.

If you do receive one of these drives, please let the Engineering IT Support office in your department know. They serve as the Information Security Manager (ISM) for your department and can report the incident and either provide the drive to the UF Information Security & Compliance office or properly dispose of it.

Additionally, remember that UF’s Mobile Computing and Storage Devices policy requires encryption of these devices if you have one of your own.