The holiday season is in full swing, and analysts estimate 93 million parcels will be delivered daily during peak shopping season. However, be wary of unsolicited freebies delivered to your doorstep, as it may indicate your privacy is at risk.
In a blog post on Thursday, cybersecurity firm Bitdefender warned about “brushing scams,” where people receive packages in the mail they did not order. While this certainly sounds confusing, being a victim of a brushing scam means a malicious actor has access to your personal information and is potentially making a huge profit off it as well.
What Is a Brushing Scam?
In brushing scams, threat actors gain access to a victim’s information, like their name and address. They use these details to create an account and post reviews on online shopping sites like Amazon and eBay. These positive reviews can be highly profitable for the sellers.
Criminals would never send you a free package out of the goodness of their hearts. The ultimate goal of brushing scams is to use fake reviews to boost the reputation of sellers, making their low-quality products appear to be in high demand. Scammers send out many packages to unsuspecting victims.
“It’s also important to note that these actions are usually part of a large scam operation, and sending such unsolicited merchandise is illegal in many countries, including the US,” Bitdefender said in its blog post.
There are many ways malicious actors can gain access to a person’s personal information. This data can be bought from data brokers or purchased on dark web marketplaces.
With most online services requiring users to sign up or provide some personal information, you can never be sure if your data is secure. Read our guide to identity theft to learn how to stay safe online and prevent your data from falling into the wrong hands.
What to do if You Receive an Unsolicited Package?
If you receive a suspicious package, we recommend confirming that you did not order the package or that it was not sent by someone you know. After all, it is possible to forget about one parcel in the holiday shopping mania.
If you’re convinced it was an unsolicited package from an unknown sender, we recommend taking the following actions:
- Do not pay for the unsolicited package.
- Inform the e-commerce platform about the incident. Most sites have a customer care number that you can contact.
- File a fraud report.
- Contact the e-commerce platform to remove any fake reviews under your name.
- Change your passwords and set up two-factor authentication on all your online accounts.
- Use an identity theft monitoring service like Aura to monitor your accounts for suspicious activity.
Wondering what to do with the unsolicited package lying in your house? You can decide to keep the package. However, the item is unlikely to be very valuable. If you don’t feel comfortable keeping the parcel, you can dispose of it or return it to the sender.
