Stories of hackers attacking companies by dropping malware infected USB flash drives in the firm’s parking lot are a standard infosec cautionary tale – don’t plug that strange USB into your computer – who knows where it has been? However, these stories never specify the companies attacked this way. Well, we have seen a rare example of a documented USB flash drive attack against a US hospitality provider. In this case the attack used good old US snail mail to deliver the attack and a Best Buy gift card as a lure. So, beware of those unsolicited flash drives!