FTC issues warning about dangerous deliveries: free gifts that contain identity theft


The Federal Trade Commission (FTC) has warned Americans about a dangerous new scam: mysterious ‘gifts’ arriving at doorsteps containing malicious QR codes. This makes old brushing schemes more sophisticated.

In brushing scams, fraudsters send unsolicited packages to victims using personal information they stole or bought online. This is done to boost product ratings and sales with fake verified purchase reviews.

Getting free merchandise might seem harmless, but it indicates that the personal information of the receiver has been compromised, potentially exposing them to identity theft.

ADVERTISEMENT

Scammers are sending people fake ‘luxury’ items like rings, beauty products, or even Bluetooth speakers.

Here is the new twist. Unwanted gifts now also come with malicious QR codes. The 2 in 1 variation of the brushing scam allows fraudsters to write fake reviews and steal personal data.

“An unexpected package from an unknown sender arrives in your name. You open it and find a note that says it’s a gift, but it doesn't say who sent it. The note also says to scan a QR code to find out who sent it – or to get instructions on how to return it,” the FTC explains.

Scanning the malicious QR code takes victims to a phishing website stealing their personal information, such as usernames, passwords and credit card numbers. Other variations attempt to infect the device with malware, so hackers have access to the victim’s phone.

“Did someone really send you a gift? Or is it an attempt to steal your personal information? If you know it’s really a gift, you can keep it. But know that the unexpected package could be a new twist on a brushing scam that could steal your personal information,” the FTC warns.

Hackers have previously targeted Switzerland with a malicious campaign, sending counterfeit letters containing harmful QR codes.

jurgita Niamh Ancell BW vilius Konstancija Gasaityte profile
Don’t miss our latest stories on Google News

The law doesn’t prohibit people keeping the ‘gifts,’ even if they come from scammers.

ADVERTISEMENT

Anyone who may have interacted with suspicious QR codes should take immediate protective steps. Change the password right away if your credentials got compromised – create a strong, hard-to-guess password and turn on multi-factor authentication.

The FTC suggests monitoring credit reports at AnnualCreditReport.com, reviewing credit card bills and bank account statements, and looking for signs that someone is using stolen information, like opening accounts in your name.

Report suspected identity theft at IdentityTheft.gov.