Brushing Scam: Is This Free Amazon Package Legit?

Share this:

Gaetano DiNardi

Head of Content at Aura

In this article:

    Identity theft and fraud protection for your finances, personal info, and devices.

    See pricing
    Share this:

    Did You Get An Unexpected Package From Amazon?

    Unfortunately, unordered merchandise on your doorstep isn’t a random act of kindness. You might be the target of a brushing scam.

    E-commerce businesses — especially Amazon sellers — depend on positive reviews and sales numbers to build their reputation. Brushing scams, where they ship you a random item is one of the ways they’ve learned to game the system. 

    But what’s the problem? You get a free item and the store gets a “sale”. 

    Brushing scams themselves aren’t overly dangerous. But they’re a warning sign of identity theft.

    So how can you protect yourself if you think you’re the victim of a brushing scam? 

    What Is a Brushing Scam? And Is It Serious?

    A brushing scam is a technique used by unethical e-commerce businesses to generate fake orders and boost their seller rating.

    Third-party sellers on Amazon and eBay send you mystery parcels without a return address. These boxes contain inexpensive items like headphones, screen protectors, candles, or bluetooth speakers.

    Then, they use these "verified" sales to write fake reviews (in your name) and boost their store's reputation.

    Early reports of brushing schemes first appeared with “mystery seeds” arriving from China in 2015. Since then, the phenomenon has become more common in the United States and Canada with thousands of people a year receiving packages they didn’t order.

    Compared to other types of fraud, brushing might not seem dangerous. But not only do they make online reviews less trustworthy, they also show how easily hackers can steal your personal information.

    Take action: If shady Amazon sellers can find your email and address, your bank account, email, and other online accounts could also be at risk. Try Aura’s identity theft protection free for 14 days to secure your identity against scammers.

    How Do Brushing Scams Work?

    1. A seller creates a fake account using your name and address.
    2. Brushing scam vendors then use this account to purchase their own product and send it to your address.
    3. Once the package is delivered, the scammer uses the fake account to post a glowing five-star review. 
    4. The review will be labeled as a "verified buyer" because the actual purchase is legitimate and under a real name (i.e., your name).
    5. Sellers can repeat this process with hundreds and thousands of fake accounts, using fake reviews to drive real purchases.

    💡 Related: 14 Amazon Scams You Didn't Know About (Until Now) →

    Free Amazon Package? It's Probably a Scam

    Sites like Amazon rate and rank sellers according to the feedback and ratings received from previous customers. More positive reviews wield powerful influence over people’s purchasing decisions online. 

    Amazon sellers aren’t allowed to send packages without a valid order. They’ll be penalized and potentially removed from the platform if they participate in a scheme to gain fake reviews. 

    If a company is struggling for social proof, it can use a brushing scam to falsify sales and give itself fraudulent positive ratings. 

    How Do Brushing Scammers Steal Your Name and Address?

    The real danger of a brushing scam isn’t in receiving a product you didn’t order. It’s knowing that your private information was easily found online.

    So how do scammers get access to your private information? Here are a few ways that brushing scammers get your data:

    • They find you on a public database. Your information may be available in the Whitepages or on social media. Even doing a simple Google search for your name could come up with your home address and other sensitive information.
    • Your personal data was stolen in a breach. Due to the number of data breaches in recent years, there’s a good chance your personal information is available on the Dark Web
    • They shoulder surf your sensitive information. While less likely, scammers can use a technique known as shoulder surfing to watch you enter your sensitive information in public. 

    In the end, it doesn’t matter where scammers found your information. What matters is that it was available to them. Because if they have your name and address, then they most likely can also find more sensitive data such as your Social Security number, passwords, banking information, and medical data (which could lead to medical identity theft).

    Be especially careful with your SSN as it's not always possible to change your Social Security number — even after identity theft.

    💡 Related: Watch Out For These 7 Awful OfferUp Scams

    4 Ways Brushing Scams Can Hurt You

    1. It means hackers have stolen your personal information.
    2. Scammers make more money, and continue scamming.
    3. You end up paying higher costs for low quality products.
    4. Fake reviews make online shopping more risky.

    Brushing scams aren’t a victimless crime. While you might enjoy the idea of receiving free Amazon packages, these scams ultimately put you at risk.  

    1. It shows that hackers have already stolen your personal information

    If you’re part of a brushing scam, it means a scammer knows your name and address. They could also have access to sensitive data such as your account passwords and banking information. 

    Criminals can exploit this information in many ways, from opening a credit card account in your name to changing your mailing address and intercepting important documents. 

    If you start receiving strange packages – or any other strange mail – you might be the victim of identity fraud.

    Take action: If scammers can easily find your personal data, they could take out loans in your name or empty your bank account. Try an identity theft protection service to monitor your finances and alert you to fraud.

    2. Scammers make more money (and keep on scamming)

    These insincere sellers often send their targets low-cost, lightweight products that don’t cost much to ship. However, the scammers can make a hefty profit when orders start pouring in. 

    According to the Better Business Bureau (BBB), a large-scale brushing scam can boost sales numbers since unsuspecting consumers are more likely to trust “verified” reviews. Plus, online marketplaces usually give more exposure to products with higher sales. 

    The padded social proof can even work as a search engine optimization (SEO) cheat. Suddenly, these shady businesses show up higher on Google than legitimate companies. 

    The more a scam works, the more scammers will keep using it.

    💡 Related: Avoid These 8 eBay Gift Card Scams At All Costs

    3. You end up paying more for poor quality merchandise

    Amazon is notorious for repeatedly changing prices in response to demand and other variables. Therefore, consumers may end up paying extra for a fraudulent product due to the fake demand that brushing scams create.

    4. Fake reviews make online shopping more risky

    Customers are nearly three times more likely to favor a product if it has a rating between 4.2 and 4.7. 

    For this reason, Amazon has cracked down hard on brushing scams and fake review schemes. The company says they analyze roughly 10 million reviews every week to identify fake ones. 

    But the dangers of online shopping keep increasing – especially as the COVID-19 pandemic boosts online shopping (and other related Covid scams). As scammers flood Amazon and other sites with fake customer reviews, it makes it harder to find products that are good value. 

    Victim of an Amazon Brushing Scam? Here's What To Do.

    1. Contact Amazon. An Amazon customer support representative can tell you whether your real account has been compromised. Amazon will also cancel the fake account. The same goes for other marketplaces like eBay. 
    2. Change your passwords. The scammers may have access to your other online accounts. Change the passwords on your email, banking, and other accounts that contain sensitive information. Choose a secure password that combines letters, numbers, symbols, and uncommon phrases.
    3. Set up a password manager. This stores all your passwords securely so you don’t have to worry about forgetting them. 
    Aura password manager
    Source: Aura Password Manager
    1. Add Two-Factor Authentication (2FA) to your account – but not SMS. 2FA is an additional security measure where sites send you a special code to enter along with your username and password. But don’t use SMS as it can be compromised if your phone is stolen. Instead, try an authenticator app like Google or Okta. 
    2. Check your bank accounts and credit cards for fraud. Log in to your accounts and look for suspicious withdrawals or charges. If you find any transactions that you can't explain, contact your bank or credit card provider and then go through the steps of the fraud victim's checklist. You can also check your credit reports for free using AnnualCreditReport.com.
    3. Regularly check your credit report and bank statements. Scammers are almost always after your financial accounts. Check for the warning signs of identity theft — such as strange charges on your bank statement or accounts you don’t recognize. An identity theft protection service like Aura can monitor your credit and statements for you and alert you to any signs of fraud.
    4. Check for data breaches on the Dark Web. Use Aura’s free Dark Web Scanner to see if your information has been stolen and is available to hackers. If you see any familiar accounts, change those passwords immediately. 
    5. Report the incident. In the case a brushing scam leads to any type of identity theft, file a complaint on ftc.gov. If you have reason to believe your Social Security number, passport, or other personal identification details have been compromised, contact law enforcement immediately. 
    6. Consider signing up for identity theft protection. Aura’s top-rated identity theft protection monitors all of your most sensitive personal information, online accounts, and finances for signs of fraud. If a scammer tries to access your accounts or finances, Aura can help you take action before it’s too late. Try Aura’s 14-day free trial for immediate protection while you’re most vulnerable.

    Sometimes, scammers are persistent and will continue to send packages to your address. In that case, get in touch with your local post office and ask them to stop the deliveries while you formulate a more permanent solution. 

    The $1 Million Question: Can You Keep the Packages?

    The short answer is yes. 

    The FTC (Federal Trade Commission) says you’re allowed to keep unordered packages that are addressed to you. According to the FTC, the seller can’t charge you for the items. 

    However, remember that honest online sellers make genuine mistakes. If there’s a return address on the package and you haven’t received unsolicited packages before, consider sending it back.

    Related: Was Your Amazon Package Stolen? Here’s What To Do

    Brushing Scams Aren't Harmless

    A brushing scam may seem harmless at first. But if you’re involved in one, your personal information could be a risk. 

    If you have no idea what to do if your identity is stolen, consider signing up for Aura.

    With Aura, you get identity theft and fraud protection that covers all your devices. And if the worst happens, you have access to 24/7 support and a $1 million insurance policy for eligible losses due to identity theft. 

    Ready for ironclad identity theft protection? Try Aura 14-Days Free!

    Related Articles

    how to prevent your identity from being stolen
    Identity Theft

    How To Protect Yourself From Identity Theft

    Identity theft has gotten out of control. Online scammers are relentless today. Learn how to protect yourself from identity theft in 2022 and beyond.

    Read More
    September 26, 2022
    Lost or stolen wallet: Header image
    Identity Theft

    Is Your Wallet Lost Or Stolen? Here's What To Do

    Is your wallet lost or stolen? Don't panic! Aura's team of experts will guide you through the recovery steps and remediation process.

    Read More
    August 19, 2022

    Try Aura—14 Days Free

    Start your free trial today**

    This is some text inside of a div block.

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

    1. Financial identity theft and fraud
    2. Medical identity theft
    3. Child identity theft
    4. Elder fraud and estate identity theft
    5. “Friendly” or familial identity theft
    6. Employment identity theft
    7. Criminal identity theft
    8. Tax identity theft
    9. Unemployment and government benefits identity theft
    10. Synthetic identity theft
    11. Identity cloning
    12. Account takeovers (social media, email, etc.)
    13. Social Security number identity theft
    14. Biometric ID theft
    15. Crypto account takeovers