/ Money

Beware this new Amazon ‘brushing’ scam

A Which? Money member contacted us when Amazon Prime deliveries they didn’t order turned up on their doorstep. Do you know what a ‘brushing’ scam is? We explain the details.

An Amazon Prime member recently let our Which? Money team know that they’d been sent two items they didn’t order and hadn’t paid for; a carbon monoxide detector and some gaming headphones.

When they called Amazon, they were told that the account used to purchase them wasn’t theirs, and that they were paid for with gift vouchers.

Three days later, they received two more packages – braids and a screen protector – but they refused to accept them. Again the member called Amazon, which put a block on the spurious account.

The member then changed their password and ordered a new credit card. No more orders arrived, but why were they sent to them in the first place?

Brushing scams explained

At first glance, receiving packages you haven’t paid for might seem like a great problem to have. But it’s likely to be a new scam known as ‘brushing’.

This type of fraud involves Amazon sellers setting up accounts in a stranger’s name, then sending their products to an unsuspecting recipient.

They then use this account they’ve set up to write fake ‘verified reviews’ in a bid to improve their seller ratings.

In this case, it’s likely that the member’s name and address had been leaked somewhere. We contacted Amazon and it assured us that the member’s genuine account hadn’t been compromised.

With the member’s permission, we also checked their email address on haveibeenpwned.com, a website that tells you whether your data has been part of a breach. In this case, the data had been involved in at least four.

What to do if you’re a victim of ‘brushing’

It’s always good to be cautious where personal data is concerned, so the member was right to report the incident to Amazon, change their password and order a new credit card.

See all our Consumer Rights scams advice

Identity theft is a serious threat as once a criminal has access to your personal information, they can do everything from open an account in your name and run up debt, or use it to get copies of your official documents.

You can read more on what identity theft is and what to do if you think your information has been compromised in our guide.

Have you had free packages turn up in your name? If so, what did you do? Would you report them or keep them?

Comments

The opposite happened to me, my order was given wrong number, then new number given in its place tracked but been delivered to a different address than mine, different area of UK, Amazon seller has now left Amazon, I have been granted a refund, but something very dodgy happened as same seller got other bad ratings from other customers too, scam of some kind, but product has arrived from China into UK and gone somewhere, I wondered if some of these mystery parcels are just mistaken deliveries going missing like mine? Anyone in Gloucester area received a Cat Water fountain in error? Long shot I know!😊

Martin says:
10 October 2020

I have not had the brushing yet. The other day I got an automated call saying my Apple I pod was on its way and I had been debited £199. I knew full well not only had I not ordered one but Amazon do not do this. I did NOT press the button to speak to Amazon CS. I know I would have got some Rsole scammer. I put the phone down and then checked my orders on the Amazon Smile account. It came on a mobile number which no doubt would lead back abroad. Possibly they had a fail safe. If you ring it it is a £100 a minute or something.

I received an email because I had reviewed items on Amazon asking me would I like to receive free items on the understanding that I would review them [presumably favourably] on Amazon. I just deleted the email.

George says:
10 October 2020

I use EBay in preference to Amazon. These are small businesses and often delivery is free if you don’t have Prime. They’re also more likely to pay UK tax.

Steve says:
10 October 2020

I was victim to this in Novemeber last year. I was sent a package I didn’t order from Amazon and stupidly opened it up, as I thought it was a gift from a friend.
I received an email from Amazon a few days later to say my Account had been compromised, but had been checked BUT I did not need to change my password. I changed it anyway, regardless of what Amazon said.
I contacted Amazon about both the email and the package, they agreed that the email had come from them and that they knew who the perpetrator was, but due to GDPR, they could not tell me who sent it. I asked Amazon to warn this person if they send another package to me they would revoke their Account, but Amzon would NOT confirm this would happen. However, I did not received another package from this person, so Amazon must have taken action in some way.

I had a parcel from Amazon that I hadn’t ordered I had opened it thinking it might be an order I was waiting on being delivered early, I contacted all my family members who would be likely to send me a parcel, none had, then contacted Amazon who asked if I knew a person with an Asian name I had never heard of, they said there was problem at their end and it was a genuine order but sent to me by mistake. A couple of days later I received another parcel, contacted Amazon and got the same story. On both occasions I was told to keep the items or donate them which is what I did the total value came to just shy of £100. My grandkids will be happy with their share the rest went to a neighbour and charity shop. Personally I do not believe the Amazon excuse. but luckily I had Just changed my credit card because I had found a strange transaction on my card account where £10 had been debited and credited within 24 hours, when I phoned my bank I was told they had had a few of them that week apparently it is called card testing. Card testing is a type of fraudulent activity where someone tries to determine if stolen card information can be used to make purchases. Other common terms for card testing are “carding”, “account testing”, and “card checking”.
Fraudulent activity such as card testing is an unavoidable part of online commerce. At Stripe, we’re constantly improving our tools and systems to detect and reduce fraud, but you must remain vigilant with respect to fraud.

Arthur Morris says:
10 October 2020

I have now received 3 items ordered on e-bay which have been delivered in Amazon boxes with Amazon delivery labels and Amazon sales material inside. I think this is a scam where there is profit in the cost difference between the item price and delivery charge on Amazon and the price the seller is paying to Amazon to fulfil the order. If i wanted to order from Amazon and let them have my personal details I would but I do not like Amazons aggressive selling of prime and none optional retention of card details plus there unfair competitive position of not paying the UK taxes their competitors have to charge.

Chris Brimley says:
10 October 2020

I feel there may be more to this than meets the eye. I have strong reason to suspect that Amazon systems or data have been compromised. I have had 2 cases where immediately after ordering stuff online from Amazon, using what I believed to be otherwise non-compromised personal details from my Amazon account, I received within seconds in each case scam phone calls telling me my Prime account had been suspended. When I contacted Amazon they tried to tell me that it was just coincidence, which I said I could not accept, given the circumstances. Twice I asked them to escalate the issue, and on the second time when I challenged their customer care manager (they won’t let you speak to anyone dealing with internet fraud), he eventually told me that their technical department was already working on this issue. Your assumption that the customer’s account has been compromised may not be the reason.

Bill says:
12 October 2020

On delivery of an Amazon order I also received 2 phone calls regarding my Amazon prime account these calls were within minutes of the delivery . I hung up and ignored the calls.

christine campbell says:
10 October 2020

You can ready more on what identity theft is and what to do if you think your information has been compromised in our guide.

Spelling

The last 3 times I ordered on line with Amazon.com, I immediately receive a message from PayPal saying my account is suspended and to reply to the msg with correct credit card details. (I don’t use PayPal).

David says:
10 October 2020

My experience with Amazon Prime was not ‘Brushing’ but ‘Phishing’ so leaves me feeling very suspicious about Amazon’s data security.
I made a purchase with Amazon and mistakenly (easily done!!) opted for Prime delivery and free trial.
After realising the mistake I immediately cancelled the Prime account.
A few weeks later I got a landline telephone call (number withheld) from a person with foreign accent and a lot of background noise (call centre?) who knew my name (and presumably my telephone number) and wanted to arrange for a refund of the payment I had made for the Amazon Prime account that I had cancelled.
I had not made any payment so immediately identified the call as a phishing scam and hung up.
A check with Amazon confirmed this BUT….. How did this caller get access to my Amazon Prime account information?? Needless to say, Amazon denied any fault on their part.

Paul says:
10 October 2020

In the past two weeks I’ve received:- mite bug spray, two chargers for rechargeable batteries, a HD web cam for a laptop, a big box with a back straightener correcter, a beard straightener and a ps4 wireless controller, then today 10/10/20, received 4 halloween ghost lanterns. I haven’t shopped with them for around 6yrs and I don’t have a credit card, only debit card. No money has been removed from my account !!??? Oooer ?

Ken
I have also received two unsolicited parcels from Amazon Prime., a soil ph tester and a TV internet range extender. Advice from Amazon was to keep the parcels. I gave the soil tester to a gardener/handiman who does not have access to the internet, and the TV range extender wound up in the electrical recycle dum of the local council. I offered to send the parcels back to Amazon but they declined to accept them.

Do you think Amazon gives a toss whether their website is being used fraudulently? They are more interested in making money and will only do something about a scam when they’ve been ‘called out publicly’. Successive governments have gone soft on regulating Amazon and other websites for whatever reason I can only imagine!!!

Denise Green says:
10 October 2020

I had scam telephone calls on my landline 2 days running from the same Asian sounding man saying he was from Amazon. I had spoken to Amazon the previous day regarding a problem changing the delivery date of an order. The number that came up on my screen said it was a local area number. When I asked him what number he was callling from he gave me a London number. When I said that was different from my screen he said it changes all the time and gave me another London number which he said was his head office, so I could check it was true. (Obviously I did not ring either). The 2nd day another local number came up. Both times after the calls I rang my landline from my mobile to check that the line had cleared before using it again. Both times he said my computer had been compromised and someone was ordering lots of goods on my account. I believe he was getting to the point of asking me to let him have access to my computer, I hung up. I rang my credit card company and they confirmed only the intended order had gone through but they put a note on the account re possible fraud attempt. I rang my telephone provided. Both the London numbers he gave me were on a Scam site and both local numbers that appears on my telephone screen were unobtainable numbers. I rang 101 to report and they put me through to Action Fraud. Amazon site advises you to contact Action Fraud but Action Fraud were furious that a large organisation like that did not have their own Fraud department. Although I feel I am savy to fraud/scam etc and I think I did all I could in the circumstances, it still made me very paniced and upset. It was too much of a coincidence I had been in touch the previous day and believe Amazon know they have unscrupulous staff that pass details to potenial fraudsters, they do not care. I rang Amazon the following day to report my problems and had an email back saying they had investigated and the man did not ring from Amazon!

David John Owens says:
11 October 2020

I ordered a projective cover to my new Samsung A20e mobile phone, from Amazon Prime it arrived within a day, the problem was it was for a different Samsung mobile the A40. which has a different camera lens configuration, and blocked the lens on my A20e new mobile, It was easy to get my money back as they had sent out the wrong mobile cover, it was returned to my bank account the next day the one used to pay.

The problem I had was that Amazon Prime gave me an account, which they stated could be cancelled with in their 30 day cooling- off period, seems reasonable, the difficulties trying to make contact with amazon took about more than a week to make contact final using a chat line it was impossible by phone, the always stated that due to the Pandemic the staff working from home.

I’ve had similar problems with 02 and Virgin Mobile there is no one to contact to short out simple issues with a basic conversation of acouple of minutes.

On different note.I ordered two pairs of trousers gave them accurate measurements, they sent The wrong sizes.I returned them with a note explaining what was wrong reiterated the measurements they then sent two more pairs same sizes as the first time,I sent them back again and requested a refund (4 times) I still have not had my refund 25 GBP and that was June 2020.Needless to say I shall not shop with Amazon again!

£25 for two pairs of trousers! No wonder they’re out of stock. Stand by to receive a pair of fake branded sunspecs.

I ordered 4 pairs of trousers from M&S, one full price and 3 on sale at £9 each – yes, £4.50 a leg – and they had a concurrent offer of buy any three items and the cheapest was free. Decent trousers too. Just be careful who you buy from.

I bet the total price was over £50, Malcolm. I have more pairs of trousers than I know what to do with but find I can only wear one pair at a time. Having lost some weight I am wearing really good trousers, that are now oversized, for work in the garden. With some extra holes in the belts they are good for a year or two yet. I am also waiting for flares and turn-ups to come back in style.

Nowadays the flares should only be used in emergency. The RNLI may attend.

Is there a quick an easy way to report to Amazon that you have received something that you hadn’t ordered? It happened to me a couple of times a while back, and none of the standard options for reporting issues back to Amazon were applicable as they generally needed the issue to be linked to an order you *had* made…

NG – Throw them into confusion. Send it back and ask for a full refund.

Ummm . . . Amazon charged me for the faulty monitor I sent back. 🙄

This Convo is approaching two years old and the ‘brushing’ scam is still going on. Perhaps Which? could provide their current advice for those who receive an unexpected item from Amazon.

I recently accepted an offer to try Amazon Prime free for a month. Towards the end of the month I received a call on my landline and when I answered I heard an automated message from ‘Amazon’ asking me to press 1 if I wished to cancel Amazon Prime rather than continue and pay for it. I hadn’t even used it during the free month so I pressed 1 to ‘speak to a manager to cancel’. A lady answered and was happy to help if I was sat at my computer and she was politely insistent that I opened it up so that she could ‘guide’ me through what I needed to do.
I immediately hung up on her. She was apparently on a UK landline number but it was dead when my husband called it back to check.

Doreen – Throughout this Conversation there have been various indications that Amazon’s Prime system has been subject to interception and false customer service calls. This cannot just be a coincidence and your experience appears to confirm that there is fraudulent activity occurring either inside the company or through external hacking that has penetrated the system, has not been detected, and remains in use by criminals.

I find they almost force you to use Prime. It’s very easy to inadvertantly join. I’ve never trusted it because nothing is free when you look into it. It’s just a hook to get you into other things where you can be sure you will be paying more in the long run.