The Hidden Dangers of Unsolicited Packages: Understanding Brushing Scams and Free Gift Frauds

Introduction

Receiving an unexpected package at your doorstep can be a pleasant surprise, but it may also signal a serious security risk. A growing phenomenon known as a “brushing scam” involves unsolicited merchandise being sent to individuals without their consent. While the items may appear to be free gifts, they are often part of a fraudulent scheme designed to manipulate online reviews and compromise personal information. This article explains what brushing scams are, how they operate, the potential dangers they pose, and the steps consumers can take to protect themselves, based on information from official sources and security organisations.

What is a Brushing Scam?

A brushing scam occurs when an individual receives a package they did not order, typically containing a low-cost item. The sender is usually an unethical third-party seller who has obtained the recipient’s personal information—such as their name and address—online. The primary goal is to create the illusion that the recipient is a verified buyer who has left a positive review for the product. By posting fake reviews under the recipient’s name, the seller fraudulently inflates the product’s ratings and sales figures, which can lead to increased genuine purchases. This practice is illegal in many countries, including the United States and the United Kingdom.

The items sent are typically lightweight and inexpensive to ship, such as hand warmers, flashlights, Bluetooth speakers, or computer vacuum cleaners. In some notable cases, recipients have received random packages of seeds from China, luxury jewellery, or other unexpected goods. The packages often lack a return address or may feature a retailer’s address, but the sender is rarely the company whose name appears on the item.

How Brushing Scams Operate

The mechanics of a brushing scam involve several deceptive steps:

  1. Data Acquisition: Scammers obtain personal information, such as names and addresses, from publicly available sources, data breaches, or the dark web.
  2. Package Dispatch: The scammer, often an international third-party seller, sends a low-value item to the victim’s address. The cost of shipping is considered a worthwhile investment to boost product ratings artificially.
  3. Fake Review Creation: Upon confirming the package was delivered (often through tracking), the scammer creates an account on an e-commerce platform and posts a glowing “verified purchase” review using the victim’s name.
  4. Profit Generation: The inflated reviews help the scammer’s products appear more popular and trustworthy, leading to increased sales of dubious or low-quality merchandise.

A newer variation of this scam involves “quishing” (QR code phishing). Scammers include a QR code in the package, instructing the recipient to scan it to learn who sent the gift or to get more information about the company. Scanning the code directs the user to a fake website designed to look legitimate, such as a bank or government portal, where criminals attempt to harvest sensitive personally identifiable information (PII), including full names, credit card numbers, and Social Security numbers.

The Risks and Consequences for Victims

While receiving free items might seem harmless, brushing scams pose significant risks:

  • Compromised Personal Information: The most immediate concern is that your personal information has been accessed and is being used without your consent. The US Postal Service cautions that if you are a victim, your data has been compromised, making you a target for future scams and identity theft.
  • Identity Theft: Scammers may use your information to open fraudulent accounts or commit other illicit activities.
  • Fraudulent Reviews: Your name may appear in reviews for products you never purchased, misleading other consumers and supporting fraudulent sellers.
  • Security Threats: In some instances, bad actors use the address information to arrange for merchandise to be delivered and then steal it from the home before the resident can intercept it.
  • Quishing Dangers: Scanning a malicious QR code can lead to malware installation or direct phishing attacks, resulting in financial loss or further data theft.

What to Do If You Receive an Unsolicited Package

If you find an unexplained package at your door, follow these recommended steps to protect yourself:

  1. Do Not Pay or Scan QR Codes: Never pay for unsolicited items or scan any QR codes included in the package. These codes are often designed to steal your information.
  2. Do Not Contact the Sender: Avoid calling any phone number linked to the seller’s address, as scammers may use this opportunity to extract more sensitive information from you.
  3. Handle Suspicious Contents with Care: If the package contains liquids, seeds, or other suspicious materials, do not open it. Notify your local authorities immediately, as recommended by the Postal Service.
  4. Notify the E-Commerce Platform: If the goods arrived via a platform like Amazon or eBay, report the incident to the platform. Ask them to check and remove any fake reviews that may have been posted in your name.
  5. File a Fraud Report: Report the incident to the relevant fraud prevention authorities.
  6. Dispose of or Keep the Item: You have several options for the physical item: you may keep it, dispose of it, or return it to the sender if a return address is clearly marked. However, it is generally not recommended to contact the sender.
  7. Monitor Your Accounts: Vigilantly monitor your online and financial accounts for any suspicious activity.
  8. Strengthen Your Security: Change passwords for your online accounts and enable two-factor authentication (2FA) wherever possible.
  9. Check for Data Breaches: Investigate whether your personal information may have been exposed in a data breach or on the dark web.

Conclusion

Brushing scams exploit the desire for free items to commit fraud and compromise personal security. While the packages may seem harmless, they are a clear indicator that your personal information is in the hands of criminals. By understanding how these scams work and taking proactive steps to protect your data and report incidents, consumers can mitigate the risks. Always remain cautious of unexpected deliveries, especially those containing QR codes, and prioritise the security of your personal information above all else.
