Since August 2021, the FBI has received reports of several packages containing these USB devices, sent to US businesses in the transportation, insurance, and defense industries.
The packages were sent using the United States Postal Service and United Parcel Service.
There are two variations of packages—those imitating HHS are often accompanied by letters referencing COVID-19 guidelines enclosed with a USB; and those imitating Amazon arrived in a decorative gift box containing a fraudulent thank you letter, counterfeit gift card, and a USB.
Treat an unknown USB drive much the same as an unknown email. Don’t plug it into your PC or open any attachments unless you know the sender and are expecting to receive it.
Just because you recognize the name or company of the sender does not mean it actually came from them.