Not Another Lurking Scam 🙄

Not Another Scam… Yep, we don’t have enough to worry about, I guess. Isn’t there enough danger out there already?

We must be careful about ransomware attacks, business email compromises, malware, phishing emails, vishing (voice phishing), and smishing (phishing via text message). We have to protect our passwords, use multi-factor authentication, use different passwords for every account, and make sure they are at least 35 characters long with letters, numbers, colors, a symbol from the periodic table, and a character from the Martian alphabet (you laugh now, but wait!).

The latest scam is called a Brushing Scam.

It didn’t start as a scam. Let’s go back to the beginning.

When e-commerce started to take off, vendors realized that to increase their online sales, they needed higher rankings (i.e., more positive reviews) than their competitors. Reviews come from customers. The e-commerce platforms (Amazon, eBay, etc.) knew these vendors were trying to falsify reviews.

The platforms then required that, to leave a review, the ‘reviewer’ must have purchased the product they were writing about. The vendors would then pay these reviewers to order their items, but send them an empty box. The reviewers would then write a glowing review. These reviewers came to be known as “brushers.”
Over time, as the fake customer trick became known, a new method emerged: the “brushing scam”.

This involves a vendor accessing lists of names and addresses to set up accounts that purportedly order items from the vendor. The order is shipped to the person at the address on the account (a real person with an actual address).

A positive review is written but not by the recipient. By whoever set up the fake account. Meanwhile, the package arrives at an unsuspecting “customer’s” home. What the vendor wants is the review to boost their legitimate sales. I guess they look at it as a marketing expense.

While this may seem like a pleasant surprise, it actually can mean bad news. You may or may not care if your name is associated with a review of the item on Amazon. But what you should care about is that it means your information is out there and available for someone to commit identity fraud.

To answer what is likely your first question, “Yes, you can keep what you received, and you are not required to pay for it.” However, you could have been charged if your credit card or PayPal account were hacked.

Commonwealth Sentinel is here to help you navigate the ever-evolving and growing cyber security threats we all face.  We can evaluate your existing IT security and work with your team to improve it. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.