Brushing: the scam that sends unsolicited packages and compromises your privacy

  • 'Brushing' involves sending unsolicited packages in order to use the recipient's personal data.
  • Scammers use QR codes to redirect users to fraudulent websites where they capture sensitive data.
  • Victims may be subject to identity theft and lose access to their bank accounts.
  • It is recommended not to scan QR codes on unknown packages and to report the case to the authorities.

Package received without requesting it

Receiving a package at your home can be common at this time of year., especially with the arrival of Christmas and the popularity of e-commerce. However, if you have not requested that delivery, you could be falling victim to a new type of scam known as 'brushing'This practice, which already has a worrying presence in the United States, is beginning to gain ground in Spain and is a cause for concern from consumer organizations such as the OCU.

The 'blow-dry' scam operates in a deceptively simple way: You receive a package at your home with a low-value product, such as seeds, cheap gadgets or even toys. Along with the article, a unit’s QR code which arouses the recipient's curiosity. This code is the core of the scam, as it directs you to a website that requests personal data such as your address, ID number or even banking information.

What are scammers looking for with 'blow-drying'?

QR code on package

The main objective of this scam is identity theft.. Victims' personal data is used to carry out fraudulent transactions, such as requesting loans or even opening bank accounts in their name. In addition, criminals can use this information to leave fake reviews on e-commerce platforms, simulating positive reviews that benefit the sale of low-quality or fraudulent products.

The practice also carries additional risks when the packages contain electronics devices. The OCU warns that products such as smartwatches or fitness trackers may include malicious software designed to collect more private information from users without their knowledge. Therefore, Receiving seemingly innocent devices could further compromise your privacy.

Where do they get your data from?

Information stolen in scam

Scammers access your personal data in a variety of ways. They often take advantage of leaks in databases from large platforms or buy information on the black market. In other cases, They extract data from public sources or benefit from users who have unwittingly provided them on fraudulent pages.

The use of this information makes it easier for them to make shipments that, although they do not contain direct charges for the victim, do cause serious problems in terms of Privacy y to maximise security and your enjoyment.. For this reason, it is essential be alert to any suspicious activity in our online accounts and never share sensitive data on unknown sites.

Tips to protect yourself from blow-drying

If you suspect that you have received a package related to this scam, it is very important that you take immediate action. Here are some key tips:

  • Do not open or use the contents of the package., especially if it is an electronic device.
  • Do not scan the QR code included in the shipment, as it could redirect you to a fraudulent page designed to capture more personal information.
  • Contact your local authorities and report the case as an attempted identity theft. This includes reporting to the Spanish Data Protection Agency.
  • If possible, report the incident to the e-commerce platform where the package is supposed to have originated. This can help stop similar fraudulent activities in the future.

Also, it doesn't hurt to check if your personal data have been involved in some kind of recent breach. There are online tools that allow you to check if your email or information has been exposed in public databases following cyber attacks.

The impact of blow-drying on e-commerce

Impact on e-commerce

Blow-drying not only affects consumers, but also threatens the online retail sector. Fraudulent reviews alter search results and recommendations on platforms, harming both legitimate buyers and sellers. Companies like Amazon, AliExpress y Shein are already taking steps to combat this phenomenon, but their efforts are often overshadowed by the speed with which these practices evolve.

Cybersecurity experts therefore recommend that platforms strengthen their review authentication systems and work hand in hand with the authorities to pursue and punish those responsible for these activities.

The phenomenon of 'brushing' replaces trust with uncertainty in an online shopping landscape that is growing exponentially. Recognising and preventing these frauds is essential to protecting our personal data and ensuring a safe shopping experience for everyone.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.