The FBI has issued a fresh warning to smartphone users about a dangerous twist on an old scam known as “brushing.” Traditionally, brushing involved shady online sellers sending products to people who never ordered them, then using their names to post fake glowing reviews. While that was bad enough, the new version is far more dangerous – it’s designed to steal your personal and financial data.
According to the FBI’s Pittsburgh field office, scammers now send unsolicited packages containing QR codes instead of just random merchandise.
These packages arrive without a return address or any details about the sender, tempting recipients to scan the QR code to learn more. Once scanned, the code can trick victims into sharing sensitive data and may install malicious software on their devices, giving criminals a direct route into bank accounts, crypto wallets, and other financial platforms.
The FBI advises smartphone owners to be vigilant: never scan QR codes from unknown sources, especially those that arrive with unexpected packages. Be wary of items you didn’t order, avoid granting unnecessary phone permissions, and always verify the legitimacy of websites and apps before engaging with them.
If you suspect you’ve been targeted, secure your accounts immediately – change your passwords, review your financial records, and request a free credit report from Equifax, Experian, or TransUnion to check for suspicious activity. The FBI also urges victims to report incidents via the FBI’s IC3 website (www.ic3.gov), including as much detail as possible: names, contact methods, related websites, email addresses, phone numbers, and any apps you may have downloaded.
This updated brushing scam is a sobering reminder that cybercriminals are constantly evolving their tactics. One careless scan could lead to drained bank balances, compromised investment accounts, or stolen crypto holdings – with little hope of recovery. Awareness and caution are your best defenses.