In the age of online shopping, almost anything can be delivered to your doorstep. But when parcels you never ordered start arriving, experts say it should raise immediate concerns about personal data theft.
The 'Brushing' Scam Explained
Consumer group Which? has warned that these unsolicited packages are often part of a scam known as 'brushing'. According to Which?, a seller on platforms like Amazon, eBay, or AliExpress obtains your details—likely through a data breach—and then 'buys' a product in your name. When the item arrives at your home, the website registers it as a legitimate purchase, allowing the scammer to leave a fake, positive review in your name.
Experts believe this is carried out on a large scale, with cheap and low-quality products being sent to households that never requested them. The goal is to boost the seller's ranking, pushing their products higher in search results for genuine buyers.
Hidden Dangers in the Package
While the scam may seem harmless at first glance, as recipients do not lose any money, there can be more sinister elements. Which? warns that some packages contain QR codes. Scanning these with your phone could lead to a malicious website or download malware onto your device. Even without a QR code, receiving an unexpected parcel could indicate your data has been stolen.
What to Do If You Receive an Unsolicited Parcel
If you receive an unexpected package addressed to you, report it to the website that dispatched it. Additionally, check your credit file for any unrecognised accounts, as this could indicate further misuse of your data.
Which? also recommends using the website haveibeenpwned.com to check if your email address has been involved in any data breaches. This service provides details on the timing of breaches and what data was exposed, including names, usernames, email addresses, and passwords.
It is also advisable to ensure your passwords are strong and unique. Using a password manager can help generate and store complex passwords securely.
Booking.com Data Breach
In related news, experts have issued warnings following a data breach at Booking.com. Cybercriminals accessed customers' reservation details, including names, email addresses, and phone numbers. Some customers have reported receiving suspicious messages.
A Booking.com spokesperson stated: 'We recently noticed suspicious activity involving unauthorised third parties accessing some of our guests' booking information. We took immediate action to contain the issue, updated PIN numbers for affected reservations, and informed guests. Financial information and physical addresses were not accessed. We encourage guests to remain vigilant against phishing attacks and remind them that Booking.com will never ask for credit card details via email, phone, WhatsApp, or text, nor request bank transfers different from the payment policy.'
