The Brushing Scam

Written by Josh Brown, VP Director of Security at The Fauquier Bank

A “new scam” is getting some attention. It really is a mashup of a few scams, some seemingly not all that harmful, and some indicative of a more serious problem. The first time you would know you are the victim of the scam is when you find a stack of Amazon packages you didn’t order on your porch. There is no way to return them and they are indeed addressed to you or someone in your household. By the way, you do get to keep what you didn’t order. Strange.

So how is it that you have come into possession of these items, often a mix of low-end electronics and household appliances? It turns out companies, reportedly in Asia, are sending them as a way of boosting reported sales and garnering excellent reviews. But again, you didn’t order them. You didn’t pay for them. So how does the company that sent them benefit? Even though they essentially paid themselves for the items they shipped, they get to claim inflated sales figures.

Here is the insidious part, they found your information in a data breach. They were able to post fake reviews because they have your Amazon login credentials. And, according to the Better Business Bureau, “once the information is out there, it can be used for numerous crooked purposes.” There is also a “porch pirate” aspect to this. Those criminals are still following delivery vans around and trespassing to steal the packages that were delivered. And some victims report receiving many of these free products, so many that it becomes a major problem trying to get it to stop.

Don’t discount the possibility the items were shipped to you just so they can be picked up by the very scammers that purchased them with someone else’s stolen payment information. You should notify local law enforcement so they have a report on file, in case the merchant comes after you later, claiming you are part of the scam.

What can be done? First off, you should change your passwords. Password reuse is a major problem I have written about before. For each online account, you should have a different password that you change from time-to-time. A password manager is a great, inexpensive, program for your computer or mobile device to help you keep track of all the passwords.

Let the online retailer, usually Amazon Customer Service, know. Fake reviews encourage people to buy worthless products, and that benefits the bad companies.

-TFB