May 18, 2025
Ray Simmons was baffled when an Amazon package containing beet chews landed on his doorstep.
“I did think that maybe someone in my family was playing a joke on me, that they were telling me that I needed to eat healthier,” Simmons shared with WSB-TV Atlanta.
Advertisement
But the package wasn't a joke. Simmons, as he would come to learn, had unwillingly become the target of a scam known as “brushing.” The scheme is reportedly designed to exploit consumer data and manipulate online product reviews, the U.S. Postal Inspection Service (USPIS) reports.
And while that may seem fairly harmless, USPIS has issued a warning to Americans across the country: if you receive a package that you didn’t order, do not scan any QR codes that come with it.
What is the brushing scam?
The brushing scam involves third-party sellers on e-commerce platforms that send unsolicited, low-value items to random people whose names and addresses were found online.
Once the item is shipped, the scammers leave fake five-star reviews online using the recipient’s name, or a fake profile made to resemble the recipient. The goal is to make the seller’s products appear popular and highly rated in order to gain more visibility and sales.
“They didn’t order anything, they received it, and it’s generally a household item, a low-value item,” said U.S. Postal Inspector David Gealey. “They have your personal information, which is easy to get because they can just Google a name and address. It’s out there on the web, right?”
Although the brushing scam might not directly lead to a financial loss, it signals that your personal information — such as your name and address — is being used without your knowledge. And that personal information could be circulating on unsecured databases or among bad actors online.
All of this would be cause for concern, but the dangers of this scam can become a lot more severe if the target does not exercise caution.
Must Read
- Dave Ramsey warns nearly 50% of Americans are making 1 big Social Security mistake — here’s what it is and the simple steps to fix it ASAP
- Robert Kiyosaki begs investors not to miss this ‘explosion’ — says this 1 asset will surge 400% in a year
- Vanguard reveals what could be coming for U.S. stocks, and it’s raising alarm bells for retirees. Here’s why and how to protect yourself
Join 250,000+ readers and get Moneywise’s best stories and exclusive interviews first — clear insights curated and delivered weekly. Subscribe now.
The real threat: QR codes
Postal inspectors say the real danger comes when these packages include a QR code, which urges recipients to scan for more information or to confirm the delivery. These codes can lead to malicious websites that steal personal data, install malware or phish for sensitive information.
Advertisement
“We do caution customers: do not scan any QR code on the package because sometimes that QR code can lead to a malicious site,” Gealey warned.
Fortunately, Simmons' package did not contain a QR code. However, he still took a few necessary steps to protect himself and ensure his Amazon and banking accounts hadn’t been compromised.
What to do if you receive a package you didn’t order
Receiving an unexpected package could indicate that your personal information is being misused. Here's what USPIS recommends.
Do not scan QR codes: As we discussed above, scanning QR codes from unreliable sources can bring on a heap of trouble that could lead to stolen personal data or harmful malware installed on your device(s).
Do not return the item: You are not legally obligated to return unsolicited items. Simply keeping or discarding the package is safe, but don’t follow any instructions that came with it.
Check your financial accounts: Review your online bank and credit card statements, as well as your online shopping profiles and Amazon account activity immediately to ensure that your accounts haven’t been hacked.
Report the package: Notify your local police department, USPIS and/or the Federal Trade Commission about the unsolicited package. Reporting the package can help authorities with their investigation and can potentially prevent others from becoming a victim.
You May Also Like
- Turning 50 with $0 saved for retirement? Most people don’t realize they’re actually just entering their prime earning decade. Here are 6 ways to catch up fast
- This 20-year-old lotto winner refused $1M in cash and chose $1,000/week for life. Now she’s getting slammed for it. Which option would you pick?
- Warren Buffett used these 8 repeatable money rules to turn $9,800 into a $150B fortune. Start using them today to get rich (and stay rich)
- Here are 5 easy ways to own multiple properties like Bezos and Beyoncé. You can start with $10 (and no, you don’t have to manage a single thing)
Monique Danao is a highly experienced journalist, editor and copywriter with 8 years of expertise in finance and technology. Her work has been featured in leading publications such as Forbes, Decential, 99Designs, Fast Capital 360, Social Media Today and the South China Morning Post.
