A USB drop attack is a type of cyber-attack where a USB drive, typically pre-loaded with malware, is physically left in a location with the intent that an unsuspecting individual will pick it up and plug it into a computer.

• Social engineering: In this method, the attacker might pose as an employee or contractor, perhaps even wearing a uniform or flashing a fake ID, to infiltrate a targeted business. Once inside, they discreetly plant USB drives in strategic locations, like conference rooms or near workstations.
• Public placement: Some attackers don’t bother with elaborate schemes or disguises. Instead, they scatter USB drives in public places where the foot traffic is high. They rely on the power of human curiosity and the age-old allure of “free stuff” to get people to pick up and plug in the device.

In other words, a USB drop attack is the digital equivalent of the well-known Trojan Horse story, in which a seemingly innocuous object harbors a hidden danger. Just like the wooden horse that the Greeks used to infiltrate Troy, the USB drive appears harmless, even useful. But once it’s plugged into a computer, the malicious software hidden inside springs into action, compromising your system and potentially even your entire network.

More info: star method interview works