NATIONAL — The Better Business Bureau (BBB) has issued a warning regarding a sophisticated twist on an old scam known as “brushing,” where consumers receive packages they never ordered. The BBB cautions that opening these surprise deliveries may lure victims into a serious digital security trap.
Traditionally, brushing scams involve a fraudulent seller sending an inexpensive, unwanted item to a stranger and then posting a bogus, positive review in the recipient’s name to artificially boost their online ratings.
The New High-Tech Danger
The newer, more malicious version of the scam now involves packages containing a deceptive call to action.
“In a newer twist, some packages showing up on doorsteps contain a QR code with instructions on how to scan it, find out who sent the package, and start a return,” the BBB stated.
However, scanning this seemingly innocent QR code is the real danger. The code will redirect the user to a malicious website designed to steal personal information or, worse, automatically download malware onto their device.
Safety Steps: Do Not Scan the Code
The BBB advises the public to suppress curiosity and follow two crucial safety rules if an unsolicited package arrives:
1. Never Scan the QR Code: Do not scan any QR code or click on any link provided within a package you did not order. This is the primary method criminals are using to execute the malware attack.
2. Change Passwords Immediately: If you have already scanned the code, you should immediately change passwords for all online accounts, especially those tied to shopping sites, banking, and email, to prevent a data breach.
What to Do with the Package
While a single unwanted package may seem like an inconvenience, some victims are reporting being flooded with these deliveries daily. If this happens, the BBB suggests temporarily refusing package delivery or directing legitimate orders to a third-party package receiving service.
The good news is that you have the legal right to keep the item. The Federal Trade Commission (FTC) confirms that consumers are entitled to keep any merchandise they receive but did not order, making it safer to hold onto the unwanted item than to attempt a return that involves scanning a malicious code.
To further protect yourself, if you can identify the company name on the package, visit their official website directly to search for any unauthorized reviews posted in your name.
