What's a Brushing Scam? Definition and 5 Ways You Can Protect Yourself

By Chika


Last Updated: May 20, 2023


You might have received a package from online retailers like Amazon or Alibaba that you didn't order.

If so, you are probably a victim of a "brushing" scam if no one you know admits to sending it.

Receiving packages you haven't paid for may not seem like the worst situation, but falling prey to a scam isn't great either. You might not be financially impacted, but it raises concerns about who may have access to your address and other information.

In this article, we take a look at what a brushing scam is, what you can do if you are a victim of one, and how to protect yourself from receiving unsolicited packages. 


What is a Brushing Scam?

A brushing scam is when a seller either:

  • hires a person for a small cost to place a fraudulent purchase or
  • simply places their own order using another person's details

The scam works by generating fictitious orders and shipping them to either an accomplice or an unwary member of the public in order to increase a seller's ratings. 

Most e-commerce sites rank sellers based on a variety of factors and show these ratings to customers. These evaluations are crucial to vendors since they can increase sales. 

If these phony orders go unnoticed, the seller's rating may increase, which may increase the likelihood that their products will be listed first in search results on e-commerce websites. Additionally, the buyer of the item could provide a favorable rating or review, thereby boosting the trustworthiness of the item's listing.


Famous example of brushing: Chinese seed brushing

The most popular example of a brushing scam is the Chinese seed scandal. Numerous consumers in the US reported receiving unwanted shipments, purported to be jewelry. When the parcels were unwrapped, the recipients learned they actually contained seeds.

The US Department of Agriculture believes that this was probably a deliberate scam. These parcels were being sent by Chinese vendors so that customers could give complimentary evaluations for their low-cost jewelry items.


The dangers of 'brushing' and other online scams

Although brushing scams could appear to be relatively innocent, once your data has been compromised, it could be used for less obvious fraud, including "credential stuffing," which could have more serious repercussions.

When a cybercriminal accesses user accounts at another organization using stolen usernames and passwords from one (obtained through a breach or bought on the dark web), this practice is known as "credential stuffing."

Because many customers have a tendency to use the same password for many accounts, it frequently happens.

Your data has been compromised, which is a severe matter because it could be utilized for other, more serious fraudulent offenses, and this is the main problem with brushing. 



What to do when you get a package you didn't order from Amazon?

If you receive a package or item that you didn't order, first confirm that it was not a gift that was sent to you and check with friends and family to see if they ordered the package.

If you confirm that the package addressed to you, wasn't ordered by you or anyone you know, report the package online by going to the Report Unwanted Package form.

You can also contact Customer Service of the e-commerce platform. If you receive an unwanted package from Amazon, you will be required to provide the following information in your report:

  • The number of unwanted packages received.
  • A tracking number from at least one of the packages (found on the shipping label).
  • Photo of at least one shipping label (optional).
  • Any additional information to assist the investigation.

Amazon does not require you to return the item.


5 Ways to Protect Yourself Online

Brushing scams can only be perpetuated if the fraudsters have access to your data.

Restarting or blocking access to your data is the most viable way of protecting yourself. Here are various ways you can safeguard your information online:


1. Don't share too much on social media.

Oversharing on social media can rapidly reveal our identities and personal information.

Keep private information such as your:

  • date of birth
  • address
  • occupation
  • family members' names

Also, ask yourself if you truly want your relationship status to be known to the world.


2. Safeguard your identity.

Use an identity theft protection package to protect your identity as well as crucial financial and personal information. Also included should be recovery tools in case your identity is stolen.


3. Create separate logins for every app you use.

Even though it may seem tedious, using a unique password for each app or account you use is an excellent method to safeguard your online identity and data. Delete your data and cancel your account if you no longer use social media.


4. Protect your devices.

Make sure to change the default username and password to something secure and distinctive before you connect a new IoT (Internet of Things, or physical objects that are connected to the internet) device to your network.

The default settings of numerous IoT devices are frequently known by hackers, who then release them online for public exposure.

Disable any additional manufacturer options that won't help you, such as remote access, which hackers might use to gain access to your machine.


5. Utilize authentication techniques.

When available, you can also enable two-factor or multi-factor authentication.

Both forms of authentication add an extra layer of protection to make sure users seeking to get into an online account are who they claim to be.

Customers will be asked to supply additional identification details after setting up their account, in addition to a username and password.

This second element could be your personal identification number (PIN), the solution to a "secret question," or even something you are holding, like a credit card.



Brushing Scam: Final Thoughts

More merchants are turning to online platforms to increase their customer base and revenue target.

This has resulted in increased competition as everyone is vying for the consumers' attention and visibility on the platform. To sidestep this, some online sellers are using brushing scams to improve their rankings and reviews on their pages.

However, you can only be a victim if they have access to your data. By implementing the steps outlined above to protect your data, you can prevent your chances of being a victim of a brushing scam. 

Photo by Kindel Media


Leave a Reply

Your email address will not be published. Required fields are marked *