/ Money

Beware this new Amazon ‘brushing’ scam

A Which? Money member contacted us when Amazon Prime deliveries they didn’t order turned up on their doorstep. Do you know what a ‘brushing’ scam is? We explain the details.

An Amazon Prime member recently let our Which? Money team know that they’d been sent two items they didn’t order and hadn’t paid for; a carbon monoxide detector and some gaming headphones.

When they called Amazon, they were told that the account used to purchase them wasn’t theirs, and that they were paid for with gift vouchers.

Three days later, they received two more packages – braids and a screen protector – but they refused to accept them. Again the member called Amazon, which put a block on the spurious account.

The member then changed their password and ordered a new credit card. No more orders arrived, but why were they sent to them in the first place?

Brushing scams explained

At first glance, receiving packages you haven’t paid for might seem like a great problem to have. But it’s likely to be a new scam known as ‘brushing’.

This type of fraud involves Amazon sellers setting up accounts in a stranger’s name, then sending their products to an unsuspecting recipient.

They then use this account they’ve set up to write fake ‘verified reviews’ in a bid to improve their seller ratings.

In this case, it’s likely that the member’s name and address had been leaked somewhere. We contacted Amazon and it assured us that the member’s genuine account hadn’t been compromised.

With the member’s permission, we also checked their email address on haveibeenpwned.com, a website that tells you whether your data has been part of a breach. In this case, the data had been involved in at least four.

What to do if you’re a victim of ‘brushing’

It’s always good to be cautious where personal data is concerned, so the member was right to report the incident to Amazon, change their password and order a new credit card.

See all our Consumer Rights scams advice

Identity theft is a serious threat as once a criminal has access to your personal information, they can do everything from open an account in your name and run up debt, or use it to get copies of your official documents.

You can read more on what identity theft is and what to do if you think your information has been compromised in our guide.

Have you had free packages turn up in your name? If so, what did you do? Would you report them or keep them?

Comments

I received a parcel from Amazon but it was addressed to my husband, who did have an Amazon account but I closed it when he died 3 years ago. After that, 2 more arrived, each containing a Twirl chocolate bar of all things! I put them in the pillar box clearly marked “deceased” and so far no more. I couldn’t see any activity on the bank account fortunately. I did also report it to Amazon but didn’t get a response.

David Mills says:
7 February 2021

Unexpected parcels might also be genuine gifts from friends and relatives that don’t realise the senders name does not appear.

Two years ago I received an email from Amazon acknowledging the safe return of two Wifit units priced at £299.95 each. A refund would follow.
I had neither ordered nor received nor returned these units.
My Amazon account contained no record of this order
Checking my bank account I discovered that Amazon had indeed removed £599.90 from my bank account 6 weeks previously.
A few days later the refund was made.
Apparently there is a separate Amazon Payments site which was the source of the email and the charge and the refund.
The lesson is to NEVER leave card or bank details with Amazon.

We received 2 parcels from Amazon, they weren’t addressed to us but it was our address.
I contacted Amazon who said we could keep, donate or throw the items away, and they would look into it.
We then received 1 more parcel after that.