Recently, many police and government agencies have been…

Recently, many police and government agencies have been seeing an increase in reported brushing scams across the country. A brushing scam occurs when you receive a package containing items you never ordered. The unexpected package will be addressed to you, but it will most likely not have a return address on it. Some scammers send packages through popular third-party sellers, such as Amazon, to make you believe you’ve received a package by mistake. Even though receiving an unexpected package may seem harmless, falling victim to a brushing scam means your private information has likely been leaked, which could lead to scammers targeting you with cyber-attacks and attempting to steal your identity. Below is some information from an article posted on keepersecutity’s website, explaining how brushing scams work and the dangers that they pose.

Why brushing scams are dangerous

You may be wondering about the downside of receiving a free gift. The purpose of a brushing scam is for scammers to write fake reviews in your name for a product “you” ordered to boost an item’s ratings and company sales. Because most items sent in brushing scams are inexpensive to buy and ship, scammers consider it worthwhile to use your PII to commit these scams and other forms of fraud. Brushing scams rely on as much Personally Identifiable Information (PII) as scammers can gather about you to impersonate you in misleading online reviews, which may impact your overall digital footprint. Having your PII exposed is dangerous because if one scammer can find and use it to commit fraud, other scammers can likely do the same to commit other crimes or identity theft.

Another reason brushing scams are dangerous is if the unexpected package you receive contains a QR code. If you receive an unsolicited package and know you did not order it, you may be tempted to contact the sender to return it. However, if you notice a QR code on the box or inside the package, scanning it can lead to your PII being sent directly to the scammer. QR code scams, also known as quishing, are commonly associated with brushing scams and often encourage you to register your new product or identify the sender by scanning the QR code. If an unexpected package contains a QR code, do not scan it.

What to do if you receive a package you didn’t order

If you receive a package you didn’t order, immediately notify the retailer, decide what to do with the package, update your passwords and check your bank statements for signs of fraud.

Thank you to the Oneida County IT Department for providing this important information on Brushing Scams.