A package arrives but you can’t remember ordering anything.
When you open it, you find some cheap, flimsy jewellery.
Is it a case of mistaken identity or has someone accidentally selected the wrong address? You put it to one side and wait to see if anyone claims it or contacts you to ask if you got their gift, but no one does.
While it is far from unusual for parcels to go astray, if one arrives with all your details on it, it is possible you have become an unsuspecting cog in a large-scale “brushing” fraud, a scam that is on the increase, according to online security experts.
Fraudsters need your postage details, which they will often obtain through a data breach. They then set up a false online account in your name on the shopping site they are selling their goods on and post a fake verified and positive review, apparently from you, about the products you have received.
These positive five-star reviews “brush up” their online ranking on the shopping site and also their credibility. In theory, this can then increase their sales. Oliver Devane of the security company McAfee says the goods need to be sent to the customer in order for a purchase and review to be verified. These fake verified reviews are often paid for.
While it may appear to be a victim-free scam, it could highlight that your personal details have been hacked. It also risks bringing potentially harmful toys or cosmetics into your home, says Devane.
“If it is some little toy that you give to your child, you’ve got no idea of the quality … which is a risk in itself. You have no idea where it came from and what it contains,” he says.
What it looks like
The package will come out of the blue and could contain anything from a key chain gadget to random homeware or even plant seeds. The contents will be cheap and likely to be of poor quality. This could happen at any time of the year, although deliveries of the goods peak at busy shopping periods.
In some cases, says Devane, the fraudsters may send QR codes or USB sticks with the product in the hope that people will scan them or put their into their computer. These will invariably lead to some malware being added to a phone or laptop that could result in data being stolen.
What to do
If you get something unexpected in the post, do not use it or consume it as it may be dangerous. For example, a toy may not be produced to proper standards or perfume may have harmful ingredients.
Check your online accounts to make sure there has been no unauthorised order and then report it to the marketplace that it was sent from.
Amazon says third-party sellers are prohibited from sending unsolicited packages to customers and have a way to report them here. If you can identify the fake reviews in your name, then you can inform the shopping site you are dealing with and they can take action.
It is worth changing the password on your online shopping accounts and enabling two-factor authentication, says Devane.
Do not try to return it to the retailer as this may prompt them to engage with you more and initiate more scams. Instead, simply throw it away after reporting it, he says.
