New Scam Alert: Malicious QR Codes in Unsolicited Gifts

The Federal Trade Commission (FTC) has issued an urgent warning about a new, sophisticated version of the brushing scam that is targeting Americans. In this latest scheme, fraudsters are sending unsolicited packages to victims’ doorsteps. While these packages might seem harmless, they are part of a deceptive effort to steal personal information.

In a brushing scam, criminals send items to victims using stolen or purchased personal data. The goal is to artificially inflate product ratings by writing fake reviews under the guise of verified purchases. However, these so-called “gifts” are more than just an inconvenience – they indicate that the recipient’s personal data has been leaked.

In this particular scam, the package includes a malicious QR code. Upon receiving a package, the recipient may find a note claiming the gift is from an anonymous sender, with instructions to scan a QR code to learn more or return the item. However, scanning this code directs victims to phishing websites designed to steal sensitive information such as usernames, passwords, and credit card details. In some cases, these QR codes also attempt to infect the victim’s device with malware, granting hackers access to the phone.

The FTC warns that even though these packages may appear to be free gifts, they are likely part of a broader scam designed to steal personal information. While recipients are legally allowed to keep the gifts, they should be cautious if they have scanned a suspicious QR code or entered personal details.

If you suspect that your information has been compromised, the FTC recommends immediately changing passwords, enabling multi-factor authentication, and monitoring credit reports for unusual activity. U.S. victims should also report any identity theft to IdentityTheft.gov and remain vigilant in reviewing their financial statements.

Stay informed and cautious to protect yourself from this growing cyber threat.