Skip to content
Call Us
Shady delivery package
Security

What are brushing scams and how do I stay safe?

Robert
Robert |

Ever received a package you didn’t order?

It might seem harmless, but it could be a sign your personal data has been compromised—and more fraud could be on the way.

Online shopping is booming, with global e-commerce sales expected to exceed £5 trillion by 2026. Marketplaces like Amazon make buying easy, but they also attract scammers. In fact, in 2025, Amazon blocked 250 million fake reviews and took action against thousands of fraudsters.

One growing scam is called “brushing.” Here’s what you need to know.

 

What is a brushing scam?

A brushing scam happens when a seller sends you a package you never ordered. The item is usually cheap and sent for one reason: to post a fake 5-star review and boost the product’s ranking.

How it works:

  • Scammers get your name and address—often from data breaches or public sources.
  • They create a fake buyer account and “purchase” their own product.
  • The item is shipped to you, and they leave a glowing review.
  • You only find out when the package arrives at your door.

 

Why does it matter?

Free stuff sounds nice, but brushing scams aren’t harmless:

  • Your personal data may already be circulating on cybercrime forums.
  • Scammers could be verifying your details for identity theft.
  • Some packages include QR codes that lead to phishing sites or malware.
  • Fake reviews erode trust in online marketplaces.

 

How to spot it

Watch for:

  • A low-value item you didn’t order.
  • Missing or vague return address.
  • QR codes inside the package.

Double-check your email, shopping accounts, and bank statements for suspicious activity.

 

What to do if it happens

  • Confirm it’s not a gift from friends or family.
  • Don’t scan any QR codes.
  • Check your bank and credit reports for unusual activity.
  • Enable multi-factor authentication (MFA) on your accounts.
  • Report the scam to the marketplace (e.g., Amazon).
  • Keep the item if you want—returning it won’t help.

 

How to protect yourself

  • Use identity protection services that monitor the dark web.
  • Change passwords immediately if your data is exposed.
  • Enable multi-factor authentication (MFA) on your accounts.
  • Limit personal info on social media and lock down privacy settings.

 

Brushing scams are just one way fraudsters exploit your data. Staying safe means staying vigilant—but these steps can help you protect yourself.

Share this post

Keep reading