• Skip to main content
  • Skip to footer

Commonwealth Sentinel

Cyber Security for local government, non-profits and small business

MENUMENU
  • Home
  • About Us
    • Sheri Donahue
    • Leo Haggerty
    • Careers
  • Services
    • Vulnerability and Threat Evaluation
    • Transformation Management
    • CISO Management Services
    • Incident Response Management
  • News
  • Blog
  • FAQs
  • Contact Us

Terry Davis / July 8, 2022

Not Another Scam🙄

Yep, we don’t have enough to worry about I guess. Isn’t there enough danger out there already? We have to be careful of ransomware attacks, business email compromises, malware, phishing emails, vishing (voice phishing by phone), and smishing (phishing by text message). We have to protect our passwords, use multi-factor authentication, use different passwords for every account and make sure they are at least 35 characters long with letters, numbers, colors, a symbol from the periodic table, and a character from the Martian alphabet (you laugh now, but just wait!).
The latest scam is called a Brushing Scam.
Actually, it didn’t really start out as a scam. Let’s go back to the beginning.
When e-commerce started to take off, vendors realized that in order to increase their online sales, they needed to have higher rankings (i.e., more good reviews) than their competitors. Reviews come from customers. The e-commerce platforms (Amazon, eBay, etc.) knew that these vendors were trying to falsify reviews. The platforms then required that in order to leave a review, the ‘reviewer’ would have to have actually purchased the product they were writing about. The vendors than would pay these reviewers to order their item but would send them an empty box. The reviewers would then write a glowing review. These reviewers came to be known as “brushers”.
Over time, as the fake customer trick was becoming known, a new method evolved known as a “brushing scam”.
This involves a vendor accessing lists of names and addresses which are used to set up accounts that purportedly order items from the vendor. The order is shipped to the person at the address on the account (which is a real person and real address). A positive review is written, but not by the recipient. By whoever set up the fake account. Meanwhile, the package arrives at the home of an unsuspecting “customer”. What the vendor wants is the review in order to boost their legitimate sales. I guess they just look at it as a marketing expense.
While this may seem like a nice surprise, it actually can mean bad news. You may or may not care if your name is associated with a review of the item on Amazon. But what you should care about is that it means that your information is out there and available for someone to initiate identity fraud using your information.
To answer what is likely your first question, “Yes, you can keep what you received and you are not required to pay for it.” However, it is possible that you did in fact pay for it if your credit card or PayPal account were hacked.
Check out our “Tip of the Week” for things you should do if you find you are receiving items you did not order. It may be a nice surprise, but be wary of the soldiers inside that Trojan Horse.
CYBER NEWS
How cyber criminals are targeting Amazon Prime Day shoppers
Check Point Research is already seeing phishing emails and suspicious domains designed to scam prospective Amazon Prime Day shoppers.
www.techrepublic.com • Share
Russian hackers may be behind Texas natural gas plant explosion: report
Russian hackers may be behind Texas natural gas plant explosion: report
A Russian hacking group may have targeted the industrial controls at a liquefied natural gas plant in Texas, leading to its explosion on June 8, a new
americanmilitarynews.com • Share
FBI warns of ‘significant threat’ of fraud on LinkedIn
FBI warns of ‘significant threat’ of fraud on LinkedIn
CNBC’s Yasmin Khorram joins Shep Smith to report on the threat of fraud on LinkedIn, which the Federal Bureau of Investigation says is a ‘significant threat.’
www.cnbc.com • Share
Disneyland Instagram Hacked as Racist, Offensive Posts Shock Internet Users
Disneyland Instagram Hacked as Racist, Offensive Posts Shock Internet Users
An individual identifying themselves as a “super hacker” posted a string of highly offensive posts on Disneyland’s Instagram feed on Thursday morning.
www.newsweek.com • Share
TIP OF THE WEEK
Protect Yourself from Brushing Scams
A brushing scam is one in which you receive a package from a vendor who has provided positive online feedback on the item in your name. While it may seem great that you received “free stuff”, it is not as good as it seems. Here are some steps to take to protect yourself if you are hit by a brushing scam:
If the package is unopened and has a return address, mark “Return To Sender” on the outside, and UPS will return it at no cost to you, OR
Throw away the merchandise, OR
Keep it…since it was sent unsolicited, you are not legally required to pay for it
If the merchandise is an unknown liquid/substance or other ‘organic material’ (food, vitamins, plants, etc.), notify the proper authority and follow their instructions
If the package seems to potentially contain hazardous or illegal materials, take steps to protect yourself and others:
Isolate the item at a safe distance from people
Document any information printed on the outside of the package
Wash your hands thoroughly
Alert anyone in the vicinity
Find medical assistance if necessary
Report to proper authorities
DO NOT pay for any merchandise you did not order. They cannot make you pay for something you did not request.
Check to ensure that your credit accounts were not used to pay for the item
Notify the third-party retailer by filing a fraud report on their website (Amazon, e-Bay, etc.) and request that they remove any reviews posted in your name that you did not make
Change your password on any accounts affiliated with shipping or online purchases (e.g., Amazon, Wal-Mart, Door Dash, credit cards, bank accounts, etc.)
VOCABULARY WORD
Distributed Network: A computer network that is comprised of more than one network with a single shared communication network that can be managed by each of the individual networks.
CYBRT HUMOR

Filed Under: Blog

Footer

CONTACT US

COMMONWEALTH SENTINEL

1230 US Highway 127 S
Suite #5
Frankfort KY 40601
(502) 320-9885

EMAIL US

ABOUT US

Cyber security consulting for local governments, non-profit organizations, and small businesses facing the threats of the cyber world.  At Commonwealth Sentinel, we are passionate about helping people be cyber-safe!

FOLLOW US

  • Email
  • Facebook
  • LinkedIn
  • Phone
  • Twitter
  • YouTube

Copyright © 2023 Commonwealth Sentinel

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT