1.8k Views inPrivacy

Amazon Brushing Scams: How That Unordered Package Got to You

Have you ever received a package from Amazon that you didn‘t order? You open it up only to find some random item like a dog toy, iPhone case, or even seeds for exotic plants. This odd occurrence has a name – it‘s called an Amazon brushing scam.

As an expert in ecommerce cybersecurity, I‘ve been closely following the rise of brushing scams on Amazon and other major retailers. In this article, I‘ll explain exactly how these scams work, why they can be dangerous, and most importantly, what you can do to protect yourself.

What is a Brushing Scam?

A brushing scam involves a seller sending unsolicited items to strangers and then posting false 5-star reviews to boost sales. The purpose is to make it look like their product is a hot seller with lots of happy customers.

Brushing scammers likely obtained your name and address from marketing lists, data leaks, or even public records. They don‘t care who you actually are. All they need is your info to ship you something cheap.

The package comes straight to your doorstep from Amazon or another retailer. It probably won‘t have a return address or invoice inside.

You may receive seeds, cosmetics, phone cases, electronic accessories, or random knick-knacks. The items usually only cost a few dollars for the scammer to purchase in bulk.

After you receive the package, the seller creates fake buyer accounts. They write a glowing 5-star review in your name and make it appear as if you "Verified Purchase" the product.

The scheme works because most shoppers look at reviews and ratings when browsing on Amazon. A product with hundreds of 5-star ratings will entice more people to buy it.

For the scammers, sending cheap items to strangers can result in huge payoffs if they boost sales. Even if only 1% of the fake reviews convert into a real sale, it becomes profitable.

According to the New York Times, brushing scams skyrocketed during the pandemic as more shopping moved online. Some analysts estimate tens of millions of these fraudulent shipments occur in the U.S. every year, generating billions in deceptive sales.

While Amazon has ramped up efforts to stop brushing scams, sellers still regularly exploit loopholes. Part of my job is helping ecommerce companies detect and shut down these brushing fraud rings.

Why Brushing Scams are Dangerous

Receiving a random package may seem harmless at first. You may even think it‘s fun to get a mystery gift in the mail.

But brushing scams can have serious consequences:

  • Identity theft – Scammers must have your personal information to send you a package. This info could include your full name, home address, email address or phone number. Identity thieves sell this data online or use it themselves to open fraudulent accounts.

  • Fake reviews – False 5-star reviews hurt other businesses who sell quality products. When scammers boost their ratings artificially, it becomes harder for legit brands to compete.

  • Wasted money – Returns cost Amazon and retailers a lot of money in shipping fees. The companies must also dispose of or destroy any opened items.

  • Inaccurate recommendations – Products that get fake positive reviews tend to surface higher in search results and recommendations. Shoppers then end up buying inferior or unsafe products.

  • Brushed items may be unsafe – In some cases, the items sent in brushing scams are untested or even dangerous to use. Reports indicate people have received expired foods, seeds that contain invasive species, and cosmetics with harmful ingredients.

For these reasons, Amazon and other retailers are trying to stop brushing scams. But some sellers still slip through the cracks.

As an online privacy advocate, my top concern with brushing scams is the identity theft risk. Scammers could sell or exploit your personal data for years to come. That‘s why it‘s so important to take precautions, which I‘ll cover ahead.

Can You Keep Packages from Amazon Brushing Scams?

If you receive a random package that appears to be an Amazon brushing scam, you don‘t have to return it. Legally, you can keep any items sent to you that you didn‘t order.

The Federal Trade Commission‘s (FTC‘s) rules on unordered merchandise state:

"By law, companies can‘t send unordered merchandise to you, then demand payment. That means you never have to pay for things you get but didn‘t order. You also don‘t have to return unordered merchandise. You‘re legally entitled to keep it as a free gift."

So if you get a package from Amazon that you didn‘t purchase, you can consider it a gift. You don‘t have to track down a return address or pay any shipping fees.

Just be cautious opening food items or cosmetics, as these could be expired or contain allergens. Seeds may grow invasive plant species. Your safest bet is to toss out the contents or donate them if unopened.

Also keep in mind that while you can keep the physical items, the sellers may still misuse your personal information. Make sure you take steps to protect yourself, which I‘ll cover next.

How to Stop Amazon Brushing Scams

Here are some tips to help prevent brushing scams from happening and keep your identity secure:

Monitor Your Accounts

Check your credit card and bank statements regularly for any unknown charges or suspicious activity. Scammers may have your payment information on file to make fraudulent purchases.

You can also enable text or email alerts from your bank for any sizable transactions. This lets you catch unauthorized charges right away.

Pro Tip: I recommend checking statements at least weekly for brushing charges. It‘s one of the fastest ways to catch fraud.

Use Strong Passwords

Create a unique, complex password for all your important accounts. Avoid using personal information or common words that are easy to guess.

Enable two-factor authentication (2FA) everywhere it‘s available. This requires you to enter a code from your phone or email to log in. 2FA makes it much harder for scammers to access your accounts.

Pro Tip: Use randomly generated passwords from a password manager. And change them every 60-90 days as an added precaution.

Check Your Credit Reports

Keep an eye on your credit by getting your free annual credit reports from AnnualCreditReport.com. Make sure no accounts have been opened without your permission.

You can also sign up for credit monitoring to get alerts on any changes or new activity. This helps detect fraud right away so you can take action.

Pro Tip: Credit monitoring services like IdentityForce and LifeLock include dark web monitoring and bank account alerts. They‘re worth the monthly fee for added security.

Review Online Profiles

Go through your information on social media, shopping profiles and other sites. Make sure you don‘t have your full address, phone number or birthday listed publicly.

Search your name online to see what‘s out there. Use this guide to removing personal information to clean up any exposures.

Pro Tip: Even seemingly harmless details like your pet‘s name or wedding date can help scammers piece together your identity. Share as little as possible publicly.

Report Suspicious Packages

If you receive an unsolicited package, report it to Amazon or the retailer it came from. Give them any order numbers, shipping labels or other details to aid in their investigation.

You can also file a complaint with the FTC and Better Business Bureau to help put a stop to brushing scams.

Pro Tip: By reporting brushing packages, you help authorities build cases against scammers. The more claims they have, the easier it is to pursue legal action.

Use Antivirus Software

Install updated antivirus software to detect malware and block suspicious sites. This prevents scammers from gaining access to your device and accounts.

Look for antivirus software that includes identity monitoring and protection. This watches for your info on the dark web and alerts you of any dangers.

Pro Tip: I recommend Webroot, Avast, and Bitdefender for great antivirus software with identity theft protection built in.

How Brushing Scammers Operate

Brushing scammers tend to use similar tactics and processes to carry out their schemes. Here‘s a look at how they source data and exploit loopholes to send out mass shipments:

Obtaining Personal Info

Brushing scammers first need to acquire names and addresses. According to security firm ZeroFOX, sources include:

  • Marketing and mailing lists purchased online
  • Public records including voter registration, property records, and court filings
  • Social media sites like Facebook and Instagram where users post some profile info publicly
  • Data leaks of account info, emails, and passwords sold on the dark web
  • Retailer loyalty programs that collect detailed customer data

With hundreds of millions of records available online, it‘s easy for scammers to compile recipient details.

Purchasing Items in Bulk

Popular brushing scam items are cheap and lightweight. This keeps shipping costs down when sending hundreds or thousands of packages.

Common items include:

  • Jewelry – Rings, necklaces, bracelets
  • Phone accessories – Chargers, cases, cables
  • Beauty products – Lipstick, face masks, nail polish
  • Small electronic gadgets – Mini speakers, selfie lights
  • Pet toys – Balls, ropes, squeaky toys

Scammers often use Chinese wholesalers like Alibaba to purchase generic, unlabeled products for pennies apiece.

Creating Fake Buyer Accounts

Amazon and other retailers require reviewers to have an account tied to the purchased product.

To fake it, scammers use your info to generate accounts that appear to have bought the item they sent you. They then leave positive reviews and ratings from these profiles.

This often occurs weeks after you receive the package, when you‘re less likely to recall it.

Exploiting Returns Policies

Amazon and other retailers now scan activity for patterns of brushing. Large volumes of shipments from new sellers raise red flags.

To avoid detection, scammers spread orders across multiple buyer accounts. They use disposable credit cards and random addresses to vary details.

Another tactic is shipping a variety of low-cost items together. This disguises the brushing attempts as legitimate orders.

Automating the Process

Given the scale of brushing scams, most operations rely on automation. Bots crawl sites to collect data then submit orders rapidly.

Reviews are also automated. Language algorithms can generate hundreds of unique-sounding endorsements for posting.

The entire process – from data gathering to writing fake reviews – runs 24/7 with little human oversight needed.

This makes brushing a hugely profitable venture. Even with just a 1-2% conversion rate on items sent, massive volumes make it worthwhile.

What Laws Are Related to Brushing Scams?

While sending unsolicited packages isn‘t illegal, posting deceptive reviews is against the law. Here are some of the regulations surrounding brushing:

FTC Act – Section 5

The FTC Act prohibits "unfair or deceptive acts or practices." This includes misrepresenting experiences with a product in reviews. Both companies and individuals can be fined under this act.

CAN-SPAM Act

The CAN-SPAM Act bans using false sender information and misleading subject lines in commercial emails. Brushing scams that involve fake accounts and emails may violate this law.

State Laws

Many states have consumer protection laws against fake reviews and misleading claims in advertising. For example, California, New York, and Florida all have applicable statutes to pursue brushing scammers.

Amazon‘s Guidelines

Amazon explicitly prohibits "creating false reviews intended to manipulate customer opinion." Sellers found brushing can be banned from the marketplace.

Mail and Wire Fraud Statutes

When scammers use the postal system and internet as part of a brushing scheme, mail and wire fraud laws may apply. Each fake package sent could be a separate felony.

While authorities are still playing catch-up on brushing scams, legal precedents are growing. With consumer awareness rising, we should see more enforcement actions in the coming years.

How to Identify an Amazon Brushing Scam

Wondering if that mystery package on your doorstep is part of a brushing scam? Here are the telltale signs to look for:

  • You didn‘t order the item yourself.
  • The package came directly from Amazon or another major retailer.
  • There‘s no return address or invoice included.
  • The items seem random and are typically inexpensive.
  • You don‘t recognize the sender‘s name.
  • Shortly after receiving the package, you see a positive review in your name.

If one or more of these elements apply, you likely got "brushed."

Here are some examples of common items sent in Amazon brushing scams:

  • Phone accessories like cases or chargers
  • Jewelry such as rings, necklaces and earrings
  • Electronic gadgets like Bluetooth speakers or fitness trackers
  • Beauty products including nail polish, eyeliner or face masks
  • Pet toys, leashes or grooming tools
  • Seeds for flowers, herbs or vegetables
  • Home goods like mini flashlights or kitchen tools

Don‘t be alarmed if you received something like this that you didn‘t buy. Brushing scams are extremely widespread, especially if your name and address are available online.

Just be vigilant with your personal information. Check bank statements regularly, use strong passwords and be wary of any unsolicited packages at your door.

How to Protect Yourself from Brushing Scams

Here are some final tips to avoid falling victim to Amazon brushing scams:

  • Don‘t publish your name or address online. Omit this info from social media, mailing lists and people search sites when possible.

  • Shop only on secure sites and never enter payment info on unfamiliar pages. Look for the "https" and padlock icon in the web address.

  • Use randomly generated passwords from a manager like Dashlane or LastPass. Change them every 60-90 days for important accounts.

  • Review all your online accounts regularly for unknown logins or profile changes. Enable login notifications when available.

  • Monitor bank and credit accounts closely via online banking and credit monitoring services.

  • Check your credit reports from each bureau once yearly to catch any suspicious activity.

  • If you get a mystery package, report it to the retailer involved and file a complaint with the FTC.

  • Keep software updated and use comprehensive antivirus protection with identity theft monitoring built in.

  • Sign up for full-service identity theft protection if you‘re very concerned. Companies like LifeLock provide monitoring across all your accounts, credit, public records, and the dark web.

The Bottom Line

Receiving random, unordered packages may seem fun or even exciting at first. But brushing scams can seriously impact your privacy and identity.

Don‘t panic if you are the victim of a brushing scam. Just make sure to report the incident and take precautions to protect your personal information. Enable login alerts, use strong passwords, monitor your statements, and be vigilant against future fraud.

With awareness and caution, you can keep your data secure and prevent unwanted brushing packages from arriving on your doorstep.

Luis Masters

Written by Luis Masters

Luis Masters is a highly skilled expert in cybersecurity and data security. He possesses extensive experience and profound knowledge of the latest trends and technologies in these rapidly evolving fields. Masters is particularly renowned for his ability to develop robust security strategies and innovative solutions to protect against sophisticated cyber threats.

His expertise extends to areas such as risk management, network security, and the implementation of effective data protection measures. As a sought-after speaker and author, Masters regularly contributes valuable insights into the evolving landscape of digital security. His work plays a crucial role in helping organizations navigate the complex world of online threats and data privacy.