If you’ve ever received a parcel from a shopping platform that you didn’t order, and nobody you know seems to have bought it for you, you might have been caught up in a “brushing” scam.
It has hit the headlines after thousands of Americans received unsolicited packets of seeds in the mail, but it is not new.
It’s an illicit way for sellers to get reviews for their products.
It doesn’t mean your account has been hacked.
Here’s an example of how it works: let’s say I set myself up as a seller on Amazon, for my product, Kleinman Candles, which cost £2 each.
I then set up a load of fake accounts, and I find random names and addresses either from publicly available information or from a leaked database that’s doing the rounds from a previous data breach.
I order Kleinman Candles from my fake accounts and have them delivered to the addresses I have found, with no information about where they have been sent from.
I then leave positive reviews for Kleinman Candles from each fake account – which has genuinely made a purchase.
This way my candle page gets filled with glowing reviews (sorry), my sales figures give me an algorithmic popularity boost as a credible merchant – and nobody knows that the only person buying and reviewing my candles is myself.
It tends to happen with low-cost products, including cheap electronics.
It’s more a case of fake marketing than cyber-crime, but “brushing” and fake reviews are against Amazon’s policies.
Campaign group Which? advises that you inform the platform of any unsolicited goods when they arrive.
It first investigated the practice in 2018, and found that in some cases, the people affected had been victims of data breaches elsewhere, meaning at least some of their personal data was available in unexpected places.
“It’s an old fashioned scam – making people believe in something is a way of getting them to buy,” said Prof Alan Woodward, a cyber-security expert at Surrey University.
“Like it or not, we do all look at the reviews, even though we are getting more savvy about it, and if it says it’s from a verified purchaser, we’re less likely to think twice.”
Can you keep it?
According to Citizens’ Advice, if an item is addressed to you, and there has been no previous contact with the company, and it arrives out of the blue, then you can keep it.