You might have received a package from online retailers like Amazon or Alibaba that you didn't order.
If so, you are probably a victim of a "brushing" scam if no one you know admits to sending it.
Receiving packages you haven't paid for may not seem like the worst situation, but falling prey to a scam isn't great either. You might not be financially impacted, but it raises concerns about who may have access to your address and other information.
In this article, we take a look at what a brushing scam is, what you can do if you are a victim of one, and how to protect yourself from receiving unsolicited packages.
A brushing scam is when a seller either:
The scam works by generating fictitious orders and shipping them to either an accomplice or an unwary member of the public in order to increase a seller's ratings.
Most e-commerce sites rank sellers based on a variety of factors and show these ratings to customers. These evaluations are crucial to vendors since they can increase sales.
If these phony orders go unnoticed, the seller's rating may increase, which may increase the likelihood that their products will be listed first in search results on e-commerce websites. Additionally, the buyer of the item could provide a favorable rating or review, thereby boosting the trustworthiness of the item's listing.
The most popular example of a brushing scam is the Chinese seed scandal. Numerous consumers in the US reported receiving unwanted shipments, purported to be jewelry. When the parcels were unwrapped, the recipients learned they actually contained seeds.
The US Department of Agriculture believes that this was probably a deliberate scam. These parcels were being sent by Chinese vendors so that customers could give complimentary evaluations for their low-cost jewelry items.
Although brushing scams could appear to be relatively innocent, once your data has been compromised, it could be used for less obvious fraud, including "credential stuffing," which could have more serious repercussions.
When a cybercriminal accesses user accounts at another organization using stolen usernames and passwords from one (obtained through a breach or bought on the dark web), this practice is known as "credential stuffing."
Because many customers have a tendency to use the same password for many accounts, it frequently happens.
Your data has been compromised, which is a severe matter because it could be utilized for other, more serious fraudulent offenses, and this is the main problem with brushing.
If you receive a package or item that you didn't order, first confirm that it was not a gift that was sent to you and check with friends and family to see if they ordered the package.
If you confirm that the package addressed to you, wasn't ordered by you or anyone you know, report the package online by going to the Report Unwanted Package form.
You can also contact Customer Service of the e-commerce platform. If you receive an unwanted package from Amazon, you will be required to provide the following information in your report:
Amazon does not require you to return the item.
Brushing scams can only be perpetuated if the fraudsters have access to your data.
Restarting or blocking access to your data is the most viable way of protecting yourself. Here are various ways you can safeguard your information online:
Oversharing on social media can rapidly reveal our identities and personal information.
Keep private information such as your:
Also, ask yourself if you truly want your relationship status to be known to the world.
Use an identity theft protection package to protect your identity as well as crucial financial and personal information. Also included should be recovery tools in case your identity is stolen.
Even though it may seem tedious, using a unique password for each app or account you use is an excellent method to safeguard your online identity and data. Delete your data and cancel your account if you no longer use social media.
Make sure to change the default username and password to something secure and distinctive before you connect a new IoT (Internet of Things, or physical objects that are connected to the internet) device to your network.
The default settings of numerous IoT devices are frequently known by hackers, who then release them online for public exposure.
Disable any additional manufacturer options that won't help you, such as remote access, which hackers might use to gain access to your machine.
When available, you can also enable two-factor or multi-factor authentication.
Both forms of authentication add an extra layer of protection to make sure users seeking to get into an online account are who they claim to be.
Customers will be asked to supply additional identification details after setting up their account, in addition to a username and password.
This second element could be your personal identification number (PIN), the solution to a "secret question," or even something you are holding, like a credit card.
More merchants are turning to online platforms to increase their customer base and revenue target.
This has resulted in increased competition as everyone is vying for the consumers' attention and visibility on the platform. To sidestep this, some online sellers are using brushing scams to improve their rankings and reviews on their pages.
However, you can only be a victim if they have access to your data. By implementing the steps outlined above to protect your data, you can prevent your chances of being a victim of a brushing scam.