Scam alert: QR code on an unexpected package
Scam alert: QR code on an unexpected package
Embedded Files
An unexpected package from an unknown sender arrives in your name. You open it and find a note that says it’s a gift, but it doesn't say who sent it. The note also says to scan a QR code to find out who sent it — or to get instructions on how to return it. Did someone really send you a gift? Or is it an attempt to steal your personal information?
If you know it’s really a gift, you can keep it. But know that the unexpected package could be a new twist on a brushing scam that could steal your personal information.
Free gifts might seem like fun — but when an unexpected package lands on your doorstep, it may come with a higher cost than you expected. Scammers are sending people fake “luxury” items like rings, beauty products, and even Bluetooth speakers. This is sometimes called a “brushing scam,” so called because it’s “brushing up” — or increasing — the scammer’s sales. How does it work? Scammers or sellers of knock-off merchandise find your address or other personal information online. They send you goods you never ordered and use your information to write fake online reviews about their products in your name — which helps them boost sales.
“Who cares if they write a fake review in my name?” you might say. Well, if you got a package you didn’t order, it means someone likely has your personal information — and undoing the potential harm from identity theft could cost you time and money.
If you got an unexpected package you didn’t order:
Change passwords on all your online shopping accounts in case they were compromised. If the package came from Amazon or another online marketplace, send the platform a message so they can investigate removing the seller.
Check your credit weekly for free at AnnualCreditReport.com to monitor the information in your credit report and check for signs of identity theft.
Don’t contact the sender. If you search online for the sender and reach out, anyone who responds will likely try to get more sensitive information from you to try to steal your money.
If you scan the QR code, it could take you to a phishing website that steals your personal information, like credit card numbers or usernames and passwords. It could also download malware onto your phone and give hackers access to your device.
If you scanned the QR code and entered your credentials, like your username and password, into a website, change your password right away. Create a strong password that is hard to guess, and turn on two-factor authentication.
If you’re concerned someone has your personal information, get your free credit report at AnnualCreditReport.com. Look for signs that someone is using your information, like accounts in your name you don’t recognize. (You can get a free credit report every week.)
Also review your credit card bills and bank account statements and look for transactions you didn’t make. And consider taking other steps to protect your identity, like freezing your credit or putting a fraud alert on your credit report.
If you think someone stole your identity, report it, and get a personal recovery plan at IdentityTheft.gov.
What else can you do to protect your personal information? Regularly update your computer software and your phone to get the latest security patches. And learn to recognize a phishing email or text message.
For more information, consult the materials available from the Federal Trade Commission Consumer Advice
https://consumer.ftc.gov/
Page updated
Report abuse