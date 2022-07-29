



Getting a package from Amazon without paying is not necessarily a good thing. (Getty Images)

If you’ve ever received a package you didn’t order on a shopping platform like Amazon and no one sent it to you, you may have been caught in a ‘brushing’ scam.

Of course, receiving unpaid parcels may not seem like the worst problem, but being a victim of scams isn’t ideal.

It may not have any financial impact, but it leads to the question of who has your address and personal data.

One million households report that Amazon alone could be the victim of a ‘brushing’ scam. last year.

However, there is some confusion about what a scam is and how it can affect the average online shopper.

Yahoo UK spoke with experts to explain everything you need to know about brushing your teeth and other online scams.

What is brushing?

According to David Emm, chief security researcher at Kaspersky, brushing teeth is actually a marketing scam, not a scam aimed at recipients of unwanted goods or a scam aimed at stealing from consumers.

“The purpose is, for example, that the perpetrators, who are sellers on Amazon, create fake reviews of products to increase their ratings.

“The reviews say it’s a fake because it’s real, but it’s made by the seller.”

Corrupt sellers using Amazon ‘brushing’ scams are a reminder to stay safe online. (Getty Images)

How does it work?

For example, Amazon’s third-party sellers work to send people products they haven’t actually purchased.

As Vonny Gamot, McAfee’s head of EMEA, explains, “It may sound like a good thing, but it’s actually the tactics you use to make certain products appear more popular than they really are, which can boost your rankings to unsuspecting customers.”

“When a seller sends a parcel to someone else’s address, it’s considered a legitimate purchase and the product uses more Amazon algorithms, resulting in more genuine purchases.”

Merchants look for names and addresses in publicly available sources, such as electoral rolls and phone books, or in data leaks from hacked providers.

the story goes on

The seller then orders (own) goods from the fake account he has set up and ships the goods to people on his address list.

Finally, they write product reviews on fake accounts (eg accounts used to pay for goods) to increase their ratings.

How does brushing teeth affect online customers?

You might ask why this is a concern for online safety. Gamot says the personal information used in these scams is often discovered by sellers through publicly available forums, marketing mailout lists, or data obtained through breaches.

“Once you have access to this information, you may be at an increased risk of using your details to guess your password, access your bank account information, or find a social media profile to create a fake identity with your name,” he explains. do.

Of course, as Emm points out, the seller may have obtained customer details from criminals who had the consumer’s account or otherwise compromised the website.

which? When we first looked at practices in 2018, we found that those affected were often victims of data breaches elsewhere.

How does it affect customers?

The recipient of the prize is not actually a victim of cybercrime and is simply used as a cover-up for marketing scams.

Nevertheless, Emm recommends that recipients of unsolicited merchandise should report it to Amazon (or other sellers). If your account is compromised, it may not be obvious at first, so change your password and set up two-factor authentication if you haven’t already enabled it.

An Amazon spokesperson told Yahoo UK: “Third party sellers are prohibited from sending unsolicited parcels to customers and we are taking action against those who violate our policies, including withholding payments, suspending or removing sales rights, and working with law enforcement agencies. take,” he said.

Do you consider yourself a victim of a ‘brushing’ scam? (Getty Images)

The dangers of ‘brushing’ and other online scams

Brushing scams may seem fairly harmless, but Carl Wearn, head of electronic crime at Mimecast, said if customer data is exposed, it can be used for less ‘victimless’ scams such as ‘credential stuffing’ (as defined below). more serious consequences.

‘Credential stuffing’ occurs when cybercriminals from one organization use a stolen username and password (obtained from a compromise or purchased on the dark web) to access user accounts in another organization.

This happens often because many consumers tend to use the same password for different accounts.

The best way to protect against credential stuffing attacks is, ideally, to use a password manager to ensure that each digital account has a unique password.

You can also turn on two-factor authentication if available.

Two-factor authentication is an additional layer of security used to verify that you are the person trying to gain access to your online account.

After setting up a username and password, the customer must also provide other information to prove their identity.

This second element could be in the form of a personal identification number (PIN), an answer to a ‘secret question’, or something you have in your possession, such as a credit card.

Example: People are receiving Mystic Seeds in the mail.

How to protect yourself online

McAfee shares below additional advice on how to protect your information online.

Don’t over-share on social media

Excessive sharing online can help us very quickly paint a picture of who we are and our details. Keep sensitive data such as date of birth, address, occupation or family name private. Also, reconsider whether you really want to disclose your relationship status.

Protect your identity

Protect yourself and your sensitive personal and financial information with an identity theft protection package. You must also provide a recovery tool if your identity has been compromised.

People are getting unsolicited parcels from your posts. (Getty Images)

Unique login settings for each app you use

It may seem painful, but setting a different password for each app or account you use is a great way to protect yourself and your data online. If you are no longer using your social media account, please delete your information and deactivate your account.

Device protection

Before any new Internet of Things (IoT) (also known as Internet-connected physical device) device can connect to the network, the default username and password must be changed to something strong and unique.

Hackers often know the preferences of various IoT devices and share them online for others to expose.

Turn off other manufacturer settings that don’t help you, such as remote access that cybercriminals can use to gain access to your system.

We hope these measures will help you avoid being the target of ‘brushing’ scams or more serious online attacks.

