Not Another Scam… Yep, we donât have enough to worry about, I guess. Isnât there enough danger out there already?
We must be careful of ransomware attacks, business email compromises, malware, phishing emails, vishing (voice phishing by phone), and smishing (phishing by text message). We have to protect our passwords, use multi-factor authentication, use different passwords for every account, and make sure they are at least 35 characters long with letters, numbers, colors, a symbol from the periodic table, and a character from the Martian alphabet (you laugh now, but just wait!).
The latest scam is called a Brushing Scam.
It didnât start out as a scam. Letâs go back to the beginning.
When e-commerce started to take off, vendors realized that to increase their online sales, they needed to have higher rankings (i.e., more good reviews) than their competitors. Reviews come from customers. The e-commerce platforms (Amazon, eBay, etc.) knew these vendors were trying to falsify reviews.
The platforms then required that to leave a review, the âreviewerâ would have to have purchased the product they were writing about. The vendors then would pay these reviewers to order their items but would send them an empty box. The reviewers would then write a glowing review. These reviewers came to be known as âbrushers.â
Over time, as the fake customer trick became known, a new method evolved known as a âbrushing scamâ.
This involves a vendor accessing lists of names and addresses which are used to set up accounts that purportedly order items from the vendor. The order is shipped to the person at the address on the account (which is a real person and actual address).
A positive review is written but not by the recipient. By whoever set up the fake account. Meanwhile, the package arrives at an unsuspecting âcustomerâ home. What the vendor wants is the review to boost their legitimate sales. I guess they just look at it as a marketing expense.
While this may seem like a nice surprise, it actually can mean bad news. You may or may not care if your name is associated with a review of the item on Amazon. But what you should care about is that it means that your information is out there and available for someone to initiate identity fraud using your information.
To answer what is likely your first question, âYes, you can keep what you received, and you are not required to pay for it.â However, you could have paid for it if your credit card or PayPal account were hacked.
Commonwealth Sentinel is here to help you navigate the ever-evolving and growing cyber security threats we all face. We can evaluate your existing IT security and work with your team to improve it. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.