A Which? Money member contacted us when Amazon Prime deliveries they didn’t order turned up on their doorstep. Do you know what a ‘brushing’ scam is? We explain the details.
An Amazon Prime member recently let our Which? Money team know that they’d been sent two items they didn’t order and hadn’t paid for; a carbon monoxide detector and some gaming headphones.
When they called Amazon, they were told that the account used to purchase them wasn’t theirs, and that they were paid for with gift vouchers.
Three days later, they received two more packages – braids and a screen protector – but they refused to accept them. Again the member called Amazon, which put a block on the spurious account.
The member then changed their password and ordered a new credit card. No more orders arrived, but why were they sent to them in the first place?
Brushing scams explained
At first glance, receiving packages you haven’t paid for might seem like a great problem to have. But it’s likely to be a new scam known as ‘brushing’.
This type of fraud involves Amazon sellers setting up accounts in a stranger’s name, then sending their products to an unsuspecting recipient.
They then use this account they’ve set up to write fake ‘verified reviews’ in a bid to improve their seller ratings.
In this case, it’s likely that the member’s name and address had been leaked somewhere. We contacted Amazon and it assured us that the member’s genuine account hadn’t been compromised.
With the member’s permission, we also checked their email address on haveibeenpwned.com, a website that tells you whether your data has been part of a breach. In this case, the data had been involved in at least four.
What to do if you’re a victim of ‘brushing’
It’s always good to be cautious where personal data is concerned, so the member was right to report the incident to Amazon, change their password and order a new credit card.
Identity theft is a serious threat as once a criminal has access to your personal information, they can do everything from open an account in your name and run up debt, or use it to get copies of your official documents.
You can read more on what identity theft is and what to do if you think your information has been compromised in our guide.
Have you had free packages turn up in your name? If so, what did you do? Would you report them or keep them?