As 2025 kicks off, online shoppers face a growing menace: the “brushing scam.” This deceptive practice has gained momentum, leaving unsuspecting recipients puzzled by unsolicited packages and fake reviews popping up under their names. What might seem like a harmless delivery of free items is part of a larger, sinister scheme targeting consumer data and trust.
The brushing scam originated with the booming popularity of e-commerce reviews, where sellers boost their product ratings by faking orders and reviews. It involves sending random users low-value items—such as cheap jewelry, small gadgets, or even seeds—and then getting them to write glowing reviews under their names. This manipulates product rankings on platforms like Amazon and AliExpress, creating a false sense of popularity and quality.
Why Brushing Scams are more dangerous than they seem
While receiving unexpected packages may seem harmless or amusing, the risks are far-reaching. A report from McAfee highlights that brushing scams aren’t just about fake reviews—they’re also about exploiting sensitive personal data. Scammers often acquire users’ names and addresses through data breaches or illegal purchases of personal information.
The implications go beyond misleading reviews. Receiving these unsolicited parcels could mean your data has been compromised, potentially leading to identity theft or financial fraud. Adding to the concern, scammers are now embedding QR codes in these packages, luring recipients with promises of gift cards or other rewards. Scanning these codes can direct users to malicious websites that steal sensitive information or infect devices with malware.
How scammers manipulate trust in e-commerce
The appeal of e-commerce lies in its convenience and reliance on customer reviews to make informed purchasing decisions. Brushing scams exploit this trust, misleading buyers with fake ratings and generating phony sales figures. As these deceptive practices grow, legitimate buyers may fall victim to products that don’t meet their expectations, undermining trust in online shopping platforms.
Protecting yourself from brushing scams
Fighting phishing scams requires awareness and proactive measures to safeguard your data. One of the simplest ways to protect yourself is to avoid scanning random QR codes, especially those included in unsolicited packages. These codes often lead to malicious websites that steal sensitive information or install harmful software on your device.
It’s also essential to secure your e-commerce accounts. Regularly updating your login credentials and enabling two-factor authentication (2FA) can add an extra layer of security, making it harder for scammers to exploit your information. Being vigilant about your account activity can also help you detect unauthorized access early.
If you receive a suspicious package, it’s crucial to report it. Contact the e-commerce platform involved and inform local authorities about the incident. This helps protect your data and alerts others to the scam, potentially preventing further misuse of personal information. Staying informed and taking these simple steps can go a long way in minimizing the risks associated with brushing scams.