Unexpected Package Scam aka Brushing Scam

WEEKLY SCAM ALERTS
Week of April 20, 2025

• California Woman Loses $300,000 in Romance Scam

• FBI Warns of Disturbing Rise in Senior Scams

• Michigan Warns of Bitcoin Scams

SENIOR SCAM ALERT
Unexpected Package Scam aka Brushing Scam

Beware of Surprise Packages: How to Spot and Avoid Brushing Scams

Imagine you're settling in for a relaxing evening, ready to enjoy your favorite TV show. Suddenly, there's a knock at your door. You're puzzled to find an unexpected Amazon package addressed to you—one you never ordered. It seems harmless enough, but did you know this surprise delivery could be part of something called a "brushing scam"?

What Exactly is a Brushing Scam?

Brushing scams involve scammers sending unsolicited packages filled with inexpensive or random items to people who never ordered them. But why would someone send you a package you didn't request?

Scammers use these deliveries to create fake purchase records on platforms like Amazon. With these fake orders, scammers can leave glowing, yet entirely fabricated, reviews for their own products. These positive reviews mislead genuine shoppers into thinking products are high-quality and popular.

Why Should You Be Concerned?

On the surface, brushing scams might seem harmless—after all, you're getting free stuff, right? Unfortunately, these scams are more sinister than they appear. Receiving unsolicited packages means your personal information, like your name and address, has likely been compromised. This could expose you to further threats, including identity theft or targeted cyberattacks.

Introducing Quishing: A New Scam Tactic

Recently, scammers have combined brushing scams with a new tactic called "quishing," short for QR code phishing. Quishing involves placing QR codes inside these unsolicited packages. When you scan the QR code, it takes you to a fake website that appears legitimate—often mimicking banks, government organizations, or trusted institutions. However, these websites are created by scammers aiming to steal your personal identifiable information (PII).

These deceptive QR codes might come with a message encouraging you to scan them to discover who sent the gift or to learn more about the company behind the package.

Why Should You Be Concerned?

On the surface, brushing scams might seem harmless—after all, you're getting free stuff, right? Unfortunately, these scams are more sinister than they appear. Receiving unsolicited packages means your personal information, like your name and address, has likely been compromised. This could expose you to further threats, including identity theft or targeted cyberattacks.

Interacting with these suspicious QR codes can lead to more serious cyber threats, such as SIM swapping, where scammers hijack your phone number to gain access to your accounts.

How Can You Protect Yourself?

Here are some practical steps to protect yourself from brushing and quishing scams:

1. Never scan unknown QR codes: Even if they seem harmless or intriguing, QR codes from unknown sources can expose your personal information.

2. Report unexpected deliveries: Immediately contact Amazon or the relevant retailer and inform your postal service if you receive unsolicited packages.

3. Secure your online accounts: Use strong, unique passwords and enable app-based two-factor authentication.

4. Monitor your phone activity: Watch out for unusual phone behavior or messages, which could indicate your personal information has been compromised.

5. Be cautious about your online presence: Limit the amount of personal information you share publicly online to reduce your risk.

Stay Alert, Stay Safe

Brushing and quishing scams aren't just strange—they're a real threat to your personal and financial safety. If you or someone you know receives an unexpected package, remember these steps to stay protected.

Stay vigilant, share this information with friends and family, and together we can stay one step ahead of scammers.