{"id":60804,"date":"2026-06-05T21:18:42","date_gmt":"2026-06-05T21:18:42","guid":{"rendered":"https:\/\/www.theregister.com\/a\/5251891"},"modified":"2026-06-05T21:18:42","modified_gmt":"2026-06-05T21:18:42","slug":"if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\/","title":{"rendered":"If you don’t fall for these extortionists’ calls, they’ll show up with USB sticks"},"content":{"rendered":"
<\/div>\n

If they don’t get you online, they’ll try in person. A data-theft and extortion gang has targeted \u201cdozens\u201d of banks, law firms, and other professional services companies in the US from January through May, using fake help desk calls and other social-engineering techniques to gain access to corporate IT environments, according to Google\u2019s Mandiant incident response team. <\/p>\n

And when those remote-deception methods don\u2019t work, the criminals sometimes show up at victims\u2019 physical offices, posing as IT technicians, and attempt to steal sensitive files using thumb drives.<\/p>\n

Google\u2019s threat hunters track the extortion threat group as UNC3753, while other analysts call it Luna Moth, Chatty Spider, and Silent Ransom Group<\/a>. The crew has been around since 2022, originally using fake software renewal emails and other billing lures, typically with PDF attachments containing phone numbers for attacker-controlled call centers, as their means of gaining initial access to corporate networks.<\/p>\n

Beginning around March 2025, the crims shifted tactics and started posing as IT help desk staff<\/a>.<\/p>\n

\u201cWhile UNC3753 primarily relies on digital vectors, GTIG assesses that associated threat actors have also attempted direct data theft using physical, in person access,\u201d Google incident responders and researchers Chad Reams, Tufail Ahmed, Keith Knapp, Ashley Frazer, and Tyler McLellan said<\/a> in a Friday blog.<\/p>\n

The authors also pointed to a May FBI alert<\/a> to corroborate this in-person tactic. <\/p>\n

According to the feds, Silent Ransom Group crooks have been walking into law firms\u2019 physical offices as recently as this spring. Once they are on-site, they claim to be IT support staff needing to image a device or create local backups for security reasons. If that line works, they plug a thumb drive into the victim\u2019s computer and steal data the old-fashioned way.<\/p>\n

\u201cAlthough limited forensic evidence and the absence of a subsequent extortion attempt prevent formal attribution, GTIG assesses that these physical intrusions are likely associated with UNC3753 based on structural, timeline, and targeting overlaps,\u201d the blog said.<\/p>\n

Google won\u2019t say how many dozens of firms have been targeted in these attacks, or how many ended in the data thieves paying a visit to the victims\u2019 locations. <\/p>\n

\u201cWhile we can\u2019t share additional details regarding specific investigations, Mandiant CTO Charles Carmakal notes that this tactic has been observed over the years,\u201d a spokesperson told The Register<\/span>. \u201cMandiant has investigated various matters where adversaries planted insiders, bribed employees, or physically entered buildings to facilitate cyberattacks.\u201d<\/p>\n

Another noteworthy thing about UNC3753\u2019s attacks: they are very fast. In many of Mandiant\u2019s investigated incidents, the entire operation from initial contact to data extortion occurred in just one day. \u201cRecently, Mandiant observed data searches, staging, and theft initiated in under an hour,\u201d the threat analysts warned. <\/p>\n

These intrusions typically begin with an invoice-themed email – but these don\u2019t usually contain any malicious links or attachments. The email\u2019s sole purpose is to give the miscreants a plausible reason to follow up via phone, so that the recipient is more likely to believe the call is legitimate.<\/p>\n

Most of the crew\u2019s entry mechanisms involve voice-phishing<\/a>, using a method<\/a> that has worked so well for other groups<\/a> like ShinyHunters<\/a> and Scattered Spider<\/a> over the past few years. <\/p>\n

UNC3753 calls organizations\u2019 employees directly and purports to be a help desk worker or member of the security team. The criminals say they need the target\u2019s help addressing a security issue or aiding with a corporate data migration project, and convince the individual to join a screen-sharing session via Zoom, Microsoft Terminal Services, Microsoft Teams, or Quick Assist. <\/p>\n

In one such intrusion, using Teams to gain access to the victim\u2019s computer, the attacker jumped on five separate calls with the same target over a three-day period, we\u2019re told.<\/p>\n

\n
\n

Mandiant has investigated various matters where adversaries planted insiders, bribed employees, or physically entered buildings to facilitate cyberattacks <\/h3>\n<\/p><\/div>\n<\/div>\n

And in more than one incident that Mandiant responded to, UNC3753 established Zoom sessions directly on targets’ personal laptops, using these machines to access corporate virtual desktop infrastructure (VDI) using native client platforms, such as Windows 365 or Citrix clients. <\/p>\n

Once they\u2019re in the corporate systems, the intruders map local directories and network drives, and target specific legal and document storage repositories. The crooks also use very-specific keyword searches to find sensitive folders containing tax logs (Forms W-2, W-9, and 1099), audit files, corporate client agreements, and Social Security numbers, before staging this data for exfiltration.<\/p>\n

UNC3753 uses several methods to sneak the data out of the corporate IT environment without setting off any security alarm bells, including using portable versions of free Windows file manager WinSCP or another open source filesystem like Rclone. <\/p>\n

The crew has also been known to log into a file-sharing account from the victim\u2019s browser and upload the stolen files that way – or even instruct the victims to send the files to an attacker-controlled email address.<\/p>\n

After stealing the data, they send the extortion email, usually within 30 minutes of exiting the victim\u2019s environment, and set a three-day deadline to respond and begin the negotiation process. \u201cWe hope to find a financial solution that will be acceptable for both parties,\u201d reads one such extortion email. <\/p>\n

It continues:<\/p>\n

In case of ignorance or no agreement, We will notify your employees, partners and customers, after which We will publish your data. You will receive claims from individuals, and legal entities for information leakage and breach of contracts, your current deals will be terminated. Journalists and others will dig into your documents, finding inconsistencies or violations in them. Your organization will lose its reputation, shares will fall in price, and your organization will be forced to close.<\/p>\n

Stay safe, friends<\/h3>\n

In the Friday report, Google\u2019s threat hunters list IP addresses and other indicators of compromise, including these phishing domains that UNC3753 uses in its social-engineering attacks, all designed to look like the target organization\u2019s help desk: <organization>-itdesk[.]com, <organization>-it[.]com, and <organization>-helpdesk[.]com.<\/p>\n

The security shop also suggests a range of things companies can do to avoid falling victim to this group and other voice-phishing scams or physical office intrusions. <\/p>\n

\n
\n

MORE CONTEXT<\/h2>\n<\/p><\/div>\n<\/div>\n

Some of the physical controls include requiring visitors to display official credentials and photo identification, and mandating front-desk staff log all visitor IDs before granting access. Also, check pre-scheduled work orders to ensure the \u201ctechnician\u201d at the front desk is who they say they are, and make sure any visiting technical service workers are always accompanied by a corporate, in-office supervisor.<\/p>\n

Because the bulk of these intrusions occur without any physical entry into the office, however, companies should also implement remote access conditional access policies to ensure only corporate-owned devices can authenticate to any VDIs or VPNs. Plus, block the installation and execution of unauthorized remote monitoring and support utilities. \u00ae<\/p>\n

READ MORE HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

When ‘Chatty Spider’ morphs into tech services cosplay spider READ MORE HERE…<\/p>\n","protected":false},"author":2,"featured_media":60805,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[1047],"class_list":["post-60804","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register","tag-cyber-crime"],"yoast_head":"\nIf you don't fall for these extortionists' calls, they'll show up with USB sticks 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"If you don't fall for these extortionists' calls, they'll show up with USB sticks 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-05T21:18:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/image.theregister.com\/5251908.jpg?imageId=5251908&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"If you don’t fall for these extortionists’ calls, they’ll show up with USB sticks\",\"datePublished\":\"2026-06-05T21:18:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\\\/\"},\"wordCount\":1164,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks.jpg\",\"keywords\":[\"Cyber Crime\"],\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\\\/\",\"name\":\"If you don't fall for these extortionists' calls, they'll show up with USB sticks 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks.jpg\",\"datePublished\":\"2026-06-05T21:18:42+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks.jpg\",\"width\":100,\"height\":66},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber Crime\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/cyber-crime\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"If you don’t fall for these extortionists’ calls, they’ll show up with USB sticks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"If you don't fall for these extortionists' calls, they'll show up with USB sticks 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\/","og_locale":"en_US","og_type":"article","og_title":"If you don't fall for these extortionists' calls, they'll show up with USB sticks 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2026-06-05T21:18:42+00:00","og_image":[{"url":"https:\/\/image.theregister.com\/5251908.jpg?imageId=5251908&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"If you don’t fall for these extortionists’ calls, they’ll show up with USB sticks","datePublished":"2026-06-05T21:18:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\/"},"wordCount":1164,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/06\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks.jpg","keywords":["Cyber Crime"],"articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\/","url":"https:\/\/www.threatshub.org\/blog\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\/","name":"If you don't fall for these extortionists' calls, they'll show up with USB sticks 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/06\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks.jpg","datePublished":"2026-06-05T21:18:42+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/06\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/06\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks.jpg","width":100,"height":66},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Cyber Crime","item":"https:\/\/www.threatshub.org\/blog\/tag\/cyber-crime\/"},{"@type":"ListItem","position":3,"name":"If you don’t fall for these extortionists’ calls, they’ll show up with USB sticks"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60804","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=60804"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60804\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/60805"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=60804"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=60804"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=60804"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}