Updated on April 3, 2025.
Have you ever received a package from Amazon that you didn’t order? You might be a victim of a brushing scam. A brushing scam occurs when you receive a package containing items you never purchased. These unexpected packages are usually addressed to you but often lack a return address. Scammers tend to send packages through well-known third-party sellers to make you believe the package was sent by mistake.
Although receiving an unexpected package might seem harmless, falling victim to a brushing scam means your private information has likely been compromised. This can lead to scammers targeting you with cyber attacks and attempting to steal your identity.
Continue reading to learn how brushing scams work, why they’re dangerous and what you should do after receiving an unexpected package.
How brushing scams work
Brushing scams involve scammers sending unsolicited packages addressed to you by name. Scammers gather your Personally Identifiable Information (PII) from data breaches or public records, then use it to send you these mystery packages and commit additional fraud. Once the scammer has your information, they’ll send you a package, expecting you to believe it’s a legitimate order you made. The scammer’s goal is to create a false transaction, allowing them to leave fake reviews or boost a product’s ratings in your name. These reviews help the scammer’s product gain credibility on popular online shopping platforms, tricking other customers into purchasing that item.
How to spot a brushing scam
Brushing scams can be difficult to identify, but there are a few simple ways you can spot them.
You receive packages you didn’t order
One of the most apparent signs of a brushing scam is receiving a package you never ordered. Packages from brushing scams often appear unexpectedly, and you may not have any memory of even searching for the item. The package may come from an unfamiliar company or from a retailer you’ve never purchased anything from. However, scammers may trick you by sending you packages while impersonating well-known e-commerce sites that you may have done business with before. If you’ve recently made a purchase and expect a package, check the shipment details and tracking number carefully.
The package doesn’t have a return address
Another sign that a package is involved in a brushing scam is when it lacks a return address. Legitimate companies usually include a return address on their shipments. If there’s no return address or if it’s a generic shipping label, it’s likely part of a scam. Scammers want to avoid being traced back to their malicious activities, so they will often leave revealing information off.
Your name appears on reviews for the product
If you’ve received an unsolicited package, check online product reviews for any mention of your name. In brushing scams, scammers will often use your personal details to leave fake, positive reviews about the product they sent you. Your name may appear on these reviews, even though you never wrote them. This is how scammers manipulate a product’s ratings to make it appear more legitimate, increasing the likelihood of others purchasing it.
The package contains a QR code
Some brushing scams include a QR code in the package that may link to a website or product review page. Scammers include these codes to direct you to spoofed websites that gather more of your personal information to continue committing fraud. Be cautious about scanning any unfamiliar QR codes, as they can lead to malware infections and fraudulent websites.

Why brushing scams are dangerous
You may be wondering what the downside is of receiving a free gift. Although it seems harmless, brushing scams can be dangerous for several reasons:
- Fake reviews: The main goal of a brushing scam is for scammers to write fake reviews in your name for a product you never ordered. These reviews are designed to boost the ratings of a product artificially, which helps increase company sales. Because most items sent in brushing scams are inexpensive to buy and ship, scammers consider it worthwhile to use your PII to commit these scams and other forms of fraud.
- Exposure of PII: Brushing scams rely on obtaining your PII to impersonate you in misleading online reviews. This exposure of your PII is risky because once scammers have your information, they can use it to commit fraud and even identity theft.
- Impact on digital footprint: Since scammers can use your PII across multiple platforms, your digital footprint might be negatively affected. Your PII can be shared or sold on the dark web, leading to more opportunities for scammers to exploit it.
- QR code scams: If you receive an unsolicited package with a QR code, be cautious. By scanning the QR code, you can directly send your PII to the scammer. This technique of scamming, known as quishing, often tricks recipients into scanning a code to register a product or identify the sender.
What to do if you receive a package you didn’t order
If you receive a package you didn’t order, immediately notify the retailer, decide what to do with the package, update your passwords and check your bank statements for signs of fraud.
Notify the retailer
The first step after receiving an unexpected package is to notify the retailer listed on the package. For example, if you receive an Amazon package that you didn’t order and it’s not a gift from someone you know, it’s important to take action immediately. Report it online by visiting Amazon’s Report Unwanted Package page. In cases where the package is addressed to someone who doesn’t live in your household, you should contact Amazon’s customer service. When you speak with Amazon, make sure to provide them with the number of unsolicited packages you’ve received, the tracking number for one of those packages and any additional relevant information to help them investigate.
Keep, discard or return the package
According to the Federal Trade Commission (FTC), since packages in brushing scams are addressed to you, you are legally allowed to keep them. Companies are forbidden from sending unordered products and demanding payment, so you are not obligated to pay a retailer for an item received in a brushing scam.
However, just because you can keep an unexpected package doesn’t mean you should ignore potential security risks. Trust your instincts when deciding whether to keep or discard the item. If you haven’t opened the package yet, you can mark it as “Return to Sender,” and it will be returned at no cost to you since you never ordered it.
Change your passwords
If you’ve been targeted by a brushing scam, it likely means your PII has been compromised. To protect your online accounts, it’s important to update your passwords immediately. A quick way to do this is to use a password manager like Keeper®. With Keeper, you can store all your login credentials securely and use its built-in password generator to create strong, unique passwords for each account.
Alternatively, if you prefer to create your own passwords, ensure they are at least 16 characters long and a combination of uppercase and lowercase letters, numbers and symbols. Updating to stronger passwords will enhance the security of your online accounts and reduce the risk of scammers accessing your information or engaging in identity theft.
Enable Multi-Factor Authentication (MFA)
In addition to updating your passwords, another way to secure your accounts is by enabling Multi-Factor Authentication (MFA). MFA adds an extra layer of protection, requiring anyone attempting to log in to verify their identity through a secondary method. This could include a PIN, a code from an authenticator app, a security question answer or even biometric information.
With MFA enabled, even if a scammer has your login credentials, they won’t be able to access your accounts without providing the additional authentication method. If you’ve received a package from a brushing scam or accidentally scanned a QR code, it’s important to set up MFA on all your accounts immediately to prevent scammers from stealing your personal data.
Check your bank statements for signs of fraud
Scammers can use the PII obtained through brushing scams to commit fraud, so it’s important to keep a close eye on your bank statements and credit reports for signs of suspicious activity. Regularly check your bank account and credit card bills for unauthorized transactions. To stay on top of potential fraud, enable notifications through your banking apps to receive real-time alerts so you can take action quickly.
Consider placing a fraud alert on your credit report
If you’ve received a package you never ordered, consider placing a fraud alert on your credit report, as a scammer may have sensitive PII related to your finances that could be used to commit fraud. A fraud alert requires you to verify your identity before opening a new line of credit or obtaining a loan in your name. Placing a fraud alert can help prevent scammers from using your PII to steal your identity or damage your credit. To place a fraud alert, contact one of the three major credit bureaus (Experian, TransUnion or Equifax).
Conduct a dark web scan
After receiving an unsolicited package and suspecting that your PII has been exposed, conduct a dark web scan to determine what private information scammers may know. A dark web scan is a tool that scans the dark web and informs you if your personal information has been found. We recommend using Keeper’s free dark web scan, which scans its database for your information and determines whether it’s found on the dark web. If your information is found, you will receive near-immediate results detailing which PII has been compromised.
Be on the lookout for brushing scams
Receiving a surprise package may seem exciting, but it’s most likely a sign that you’ve been targeted by a brushing scam. These scams are dangerous because they can expose your PII, leaving you vulnerable to other types of fraud. If you receive an unexpected package, notify the retailer, update your passwords, enable MFA and monitor your bank statements for signs of fraudulent activity. Consider using Keeper to create, store and securely manage strong passwords, providing an added layer of protection for your accounts.