Securing Our Communities: Brushing Scams

Each week, the NTIC Cyber Center highlights a different social engineering scam impacting individuals and communities within the National Capital Region. We encourage everyone to share this information with friends, colleagues, and loved ones to help reduce their risk of becoming a victim of financial fraud and identity theft.

A brushing scam is a deceitful technique that some e-commerce vendors use to boost their sales and consumer ratings by creating fake orders and reviews. One of the earliest and largest cases of brushing was identified in 2015 when Chinese online marketplace Alibaba filed a lawsuit against a company that had hired approximately 5,000 people to write fake product reviews to boost sales through their website.

A vendor or company attempting a to conduct a brushing scam may place small fake orders using fraudulently obtained personal information such as names, addresses, and phone numbers. Since an e-commerce order is not considered valid until shipment, vendors using the brushing scam will often ship empty boxes or lightweight, inexpensive items to reduce delivery charges. The US Department of Agriculture (USDA) recently issued a warning regarding a new and an ongoing brushing campaign in which unsolicited packages of seeds that appear to originate from China are being delivered to US citizens across the country. The USDA warns that these suspicious seeds should not be planted or improperly discarded as they may be seeds from of an invasive plant species that could be harmful to local plant or animal species and could ultimately lead to an increase in the cost of food production if crops are affected. The NTIC Cyber Center is providing the following tips to help recognize the potential warning signs of this and other brushing scams:

  • Beware of any unsolicited packages, specifically packaged seeds. Do not discard the seeds in the trash as they could grow within landfills. Also, do not flush them down a drain or toilet.

  • If you do receive an unsolicited package containing seeds, please contact your state plant regulatory official, APHIS state plant health director, or your local law enforcement agency. Amazon customers are encouraged to contact Amazon Customer Service.

  • Proactively change passwords and enable two-factor authentication (2FA) for any e-commerce account you believe may have been abused to conduct the scam.

  • Monitor associated financial accounts for suspicious or unauthorized charges.

For more information about brushing scams, please visit the Better Business Bureau’s website here.

The NTIC is governed by a privacy, civil rights, and civil liberties protection policy to promote conduct that complies with applicable federal, state, and local laws. The NTIC does not seek or retain any information about individuals or organizations solely on the basis of their religious, political or social views or activities; their participation in a particular noncriminal organization or lawful event; or their race, ethnicities, citizenships, places of origin, ages, disabilities, genders, or sexual orientations. No information is gathered or collected by the NTIC in violation of federal or state laws or regulations.