Imagine this: A box shows up at your door. It has your name and address on it, but you're not expecting a package. So, you open the box and find it contains something cheap (think: novelty socks, phone accessories, beauty products, or jewelry). Is it a mistake? A freebie? Should you keep it?
Whatever you do, don't shrug it off because you might be caught up in a brushing scam. It may seem harmless at first. After all, you didn't pay for it. But brushing scams come with real risks, and that unexpected package could mean your name, address, and possibly other personal details are in the wrong hands.
What Is a Brushing Scam?
Brushing scams are a form of e-commerce fraud that often start when a seller-usually overseas-creates fake orders using stolen data or made-up accounts. They'll ship cheap items, random trinkets, or even empty boxes to real addresses tied to those fake orders. While most brushing scams are designed to boost product reviews, others serve different purposes and carry different risks.
1. Fake Review Farming
This is the classic version of a brushing scam (and the least threatening). A seller sends a cheap item to your address, then posts a fake five-star review using your name or a fake account. In most cases, these sellers are simply trying to inflate their product ratings and build trust with real shoppers.
2. Verified Buyer Scams
Some online marketplaces, like Amazon, highlight reviews from verified buyers. Verified buyer badges indicate that the review is from someone who actually bought and used the product, which increases the credibility of the feedback.
However, to game the system, some scammers ship products to real people so they can leave a review that looks legit. In some cases, they even use stolen gift cards or compromised payment methods to place the order, without your knowledge.
3. Account Takeover Brushing
Most brushing scams don't involve your actual account; they rely on fake profiles and stolen shipping info. However, in rare cases, scammers may gain access to your actual online shopping account, place an order using your saved payment method, and leave a fake review in your name. If this happens, it's no longer just about fake ratings-it means your personal and financial information is compromised, and you need to take action immediately to secure your accounts and prevent further fraud.
4. QR Code Scams Hidden in Packages
Some brushing scam packages now include QR codes printed on the packaging, inserts, flyers, or included “thank you” cards. Whatever you do, don’t scan codes from unexpected packages. These codes often link to phishing websites or shady “prize claim” or “survey” pages designed to harvest personal data. Even worse, they could trigger malware downloads that give hackers access to your device.
Scam Tip: QR code brushing scams sometimes come with notes urging you to scan the code to see who sent the package—but don’t take the bait. If you’re curious, check the shipping label for a tracking number and visit the shipping company’s official website directly. You could also review your recent orders or contact the sender’s customer service through verified channels—never through links or codes included in the package.
5. Brushing as a Front for Package Theft
In this version, scammers use stolen credit cards or hacked accounts to buy items and ship them to your address. Later, someone might show up pretending to be a delivery driver or a confused neighbor trying to retrieve the package. It's a tactic to recover the goods without raising suspicion or revealing the scam.
If this happens, avoid direct confrontation. If possible, take a photo of the package and the person (from a safe distance) and don’t hand over the item unless you feel completely safe doing so. Consider contacting the retailer directly through their official website, not the phone number or link provided on or in the box. If you do this, remember not to give out your personal information. And if the interaction feels suspicious or threatening in any way, don’t engage. Trust your instincts and contact local law enforcement immediately.
Why This Scam Matters
At first glance, it might feel like no harm was done. You got something for free, right? But brushing scams come with real risks. At the very least, it undermines trust in online reviews. These scams clutter platforms with fake praise, making it harder to know which sellers are actually legit.
But, more importantly, if you are involved in a brushing scam, your personal data is likely compromised. After all, if someone has your name and address, they may also have other personal information. That could lead to identity theft and account takeovers.
What to Do if You Get a Package You Didn’t Order
Here’s what to do if you receive a mystery package:
- Verify that it isn’t a gift. Before taking action, ask your friends and family if they sent you a gift. It’s possible that it was just a good-intentioned surprise.
- Keep the item if you like. You are under no legal obligation to pay for or return it.
- Don’t keep it if it feels sketchy. Throw it away, or, if the package is unopened and has a return address, you can mark it “Return to Sender.” USPS will handle the return at no cost to you.
- Don’t scan codes or use the included links. They could lead to fake sites used by scammers to steal your personal information or gain access to your accounts and devices.
- Check your accounts. Look for unknown charges, accounts you didn’t create, or login attempts.
- Change your passwords. If you use the same password across sites, now’s the time to switch things up.
- Enable two-factor authentication (2FA). Add an extra layer of security to your email, financial, and shopping accounts.
- Report the scam. Notify the retailer or online marketplace—but don’t use the contact information on the package. You can also file a report with the Federal Trade Commission (FTC).
- Monitor your credit. Set up alerts or freeze your credit if you think your information has been compromised.
How to Avoid Becoming a Target
Scammers get your information from data leaks, public records, and hacked sites. Here's how to lower your risk:
- Don't overshare online. Keep your personal information (like birthdate, address, or full name) off public profiles.
- Be careful where you shop. Use only trusted sites with secure checkout processes.
- Use strong, unique passwords. A password manager can help keep track of them.
- Stay alert after data breaches. If a company you use announces a breach, change your passwords and watch for suspicious activity.
Brushing scams might seem like a strange, harmless quirk of online shopping, but they're part of a larger problem that includes the misuse of personal data. So, if a package shows up that you didn't order, take it seriously. A little vigilance now can save you bigger headaches down the road.
¿Quieres más consejos sobre cómo evitar estafas?
- Pon a prueba tus habilidades de detección de estafas con nuestro cuestionario "¿Eres experto en estafas?".
- Obtén información sobre cómo proteger tu dispositivo Alexa, Siri o el Asistente de Google.
- Find out how to spot “get rich quick” schemes.