MYSTERIOUS ‘ANONYMOUS COMPLAINT’ ENVELOPE WITH USB – DO NOT PLUG IN OR RISK LOSING ALL DATA!

• 09/12/2025

Recently, many social media users have been buzzing about people unexpectedly receiving express mail envelopes containing anonymous complaint letters and suspicious USB drives. The letters have no listed sender, no signature, no final page, and do not carry any official seal from authorities. Although the paper may show a faint circular stamp, it is merely printed and holds no legal value. While this story is currently shared by netizens and has not been verified by official authorities, if true, it points to an increasingly sophisticated scam scenario.

The scheme usually starts very simply: attackers exploit the victim’s curiosity and anxiety when they suddenly receive a complaint letter concerning a particular organization or individual. Irregularities in the letter’s format and origin create confusion, serving as the “bait” to lure the victim into interacting with the most dangerous item in the envelope: the unknown USB drive.

An image shared by a member of the WhiteHat Group shows a case suspected to be a sophisticated attempt to exploit the recipient’s curiosity. It is noticeable that the document has multiple irregularities in terms of format and legal authenticity.
(Source: Hồ Trần Thành Công)

According to WhiteHat cybersecurity experts, many criminal groups now use USB drives as tools to deploy self-activating malware. Simply plugging the USB into a computer—without even opening any files—can:

• Infiltrate systems and spread to other devices on the same network

• Steal personal data, bank passwords, and work documents

• Install spyware to remotely control devices

• Encrypt data to demand ransom (ransomware)

If this is indeed the tactic, the USB is not a “confidential document” but a digital time bomb waiting to explode.

How to protect yourself from “suspicious USB” traps

Such seemingly simple schemes are highly effective, often targeting elderly people, homemakers, office workers with limited tech knowledge, and even children and students—those naturally curious who might be tempted to “plug in and see what’s inside.” A single careless action can already achieve the attacker’s goal.

To avoid becoming a victim or getting involved in serious incidents, remember these key safety rules:

• Never plug in a USB drive, memory card, external hard drive, or any unknown device into your computer

• Do not download attachments from unclear or suspicious sources

• Report the incident to the police and hand over the envelope to authorities for handling

• Stay alert: legitimate documents are never sent via unverified, unofficial devices

Nowadays, cybercriminals exploit both technology and human psychology. A single click, plugging in a suspicious USB, or excessive curiosity can be enough to lose all your data to malicious actors.