Infected USB devices
This has reappeared recently in New Zealand. If, when checking your mail box, you find a brand new USB stick, just throw it in the bin immediately.
Scammers are placing these USBs in mailboxes pre-loaded with malicious software. They are even going to the trouble of repacking them so they look factory fresh. They are banking on the recipients being thankful for a free USB or being curious as to what might be on them.
If you receive one it is part of a recurring scam and most likely not spearphishing. Spearphishing means that someone is targeting you as a member of an organisation .
If you make the mistake of connecting it to one of your devices such as a phone or a computer, it is likely that viewing the content (on a computer) will lead to a malware infection. Usually, it takes the opening of a file on a computer to activate the malware. It should not activate by connecting the device alone.
Simply throw the USB stick away without connecting it to any computer.
Be vigilant.
You can find more information on the Sophos blog (2016)