Postal Service Alert—Criminals are using QR codes on fake packages to empty your bank accounts—here’s what you need to know

October 27, 2025

Online fraud is on almost everyone’s lips. It’s no longer just about online banking transactions or fraudulent phone calls. Cybersecurity specialists explain that criminals use leaked databases to select their targets and send them packages that may appear legitimate. With technology and the new ways of shopping online, criminals are taking advantage of this security gap. The United States Postal Service (USPS) warns about these scams, which use unsolicited packages and fake QR codes to steal personal data.

This scheme primarily affects consumers who receive boxes or envelopes from unknown senders, containing a QR code inside

This can be a really big problem, considering that practically everyone these days shops online without much concern. This scheme primarily affects consumers who receive boxes or envelopes from unknown senders, containing a QR code inside that, when scanned, can provide access to personal and financial data. Although at first glance these appear to be ordinary gifts or promotions, they can actually be part of digital fraud schemes and even identity theft.

These scams have grown especially during high-volume shipping seasons like Black Friday or Christmas

Specifically, the practice involves sending unexpected packages accompanied by QR codes that, when scanned, redirect to fraudulent sites or trigger malicious software downloads. These scams, known as “brushing scams,” have grown in recent years, especially during high-volume shipping seasons like Black Friday or Christmas. Thieves essentially adapt old scams to updated technological habits, taking advantage of the widespread integration of QR codes into payment processes, transactions, and online services.

Criminals, mostly operating from abroad, use real names and real addresses obtained online

Nowadays, the personal data of almost anyone with a smartphone, social media, or an online purchase can be accessed by many people looking to do harm. Criminals, mostly operating from abroad, use names and addresses obtained online to send seemingly free products for deceptive purposes. Although there are no official data, several reports cite both warnings from the Federal Bureau of Investigation (FBI) and private sector investigations. The main objective is not to deliver a product, but to exploit the recipient’s personal data.

Certain measures have already been implemented to prevent and alert citizens

This new type of scam involves creating fraudulent reviews using the identities of real people to inflate the reputation of certain products, locations, or online stores. Now, the goal is to gain unauthorized access to accounts and credentials. Criminals use real data because they “need” real names and correct addresses so that the reviews appear legitimate and pass the platforms’ authenticity filters. Certain measures have already been implemented to prevent and alert citizens; regulatory authorities such as the Federal Trade Commission (FTC) have increased their vigilance, and preventive campaigns are underway to address these types of risks, which can have serious consequences.

If in doubt, it’s best to review all information before opening a package or scanning a QR code

It’s important to remember that if you receive a package you did not order with a QR code that you are asked to scan, it’s recommended not to scan it under any circumstances until you can verify its origin. Upon scanning, the victim is redirected to a fake website that mimics the appearance of real institutions, such as banks, government agencies, or courier companies. In other cases, scanning initiates the download of a file containing malicious software capable of recording activity, collecting sensitive information, or accessing bank accounts. Users can thus be tricked into entering personal data, passwords, or financial information. So, if in doubt, it’s best to review all information before opening a package or scanning a QR code.