Receiving an unexpected parcel from Amazon might sound like you’ve scored a freebie, but it could also be a sign of a well-crafted ‘brushing’ scam. So, how does it work?
With each passing day, it seems there’s a new type of scam to look out for. There are myriad ways criminals can access your personal information, and just as many ways they can then use that data.
One such way is in a so-called ‘brushing’ scam, used by some unscrupulous online retailers to artificially bolster their online reputation.
E-commerce businesses are heavily reliant on positive reviews and robust sales metrics to elevate their business status. If a fraudster gains access to your details, you might be unexpectedly gifted with a product that they’re looking to promote to obtain a stronger online presence.
In this instance, ‘brushing’ refers to the fraudulent business brushing aside any consumer suspicion by making it look like the business is legitimate using your fake review.
How does it work?
Scammers obtain a person’s name and address through various means such as other data breaches, public directories, or social media.
The scammer then creates fake accounts in your name on online retail platforms where they sell their own products.
They then use these fake accounts to place orders for their own products using your real address. To pay for the orders, the scammers will often use stolen credit card information or other illicit means.
The scammer ships the products to the addresses they acquired and the unsuspecting victim receives the package.
After the packages are delivered, the scammer writes positive reviews on their own seller accounts using the acquired names.
This helps boost their ratings and increase their visibility on the e-commerce platform.
Why is this dangerous?
It may seem at first glance that this scam isn’t so bad for you, after all, you get a free gift out of it right? There are certainly worse scams surely?
While that may be mostly true in this case, it clearly demonstrates your personal details are now in the hands of unscrupulous characters.
If they are willing to use your data in this way, then they may be willing to use it in other nefarious ways that may be more directly harmful to you — or to sell it to people who definitely are.
To avoid this scam, change your passwords often and consider setting up two-step verification for your more sensitive accounts.
Have you received any unexpected packages lately? When was the last time you reviewed your passwords? Let us know in the comments section below.
Also read: Should Australia follow UK lead and make banks reimburse scam victims?