Login
Register
Kaman's Art Shoppes Help Desk Help Desk Knowledgebase Cyber Security
Handle With Care, This Package is a Scam
Suggested knowledgebase articles:

Handle With Care, This Package is a Scam

The Setup: Imagine finding a package on your doorstep that you didn’t order. It’s addressed to you, has no return address, and contains a cheap item—maybe a phone stand, a ring light, or a set of charging cables.

Most people’s first instinct is: "Who sent this? Is there a gift receipt?" Inside, you find a small card with a QR code that says: "Scan to see your gift message""Scan to confirm delivery" or "Claim your 1-year warranty".

The Scam: From "Brushing" to "Quishing": In the past, this was called a "Brushing Scam," where sellers sent cheap items to boost their search rankings with fake "verified" reviews. However, cyber criminals have added a dangerous new layer: Quishing (QR Phishing).

The Bait: The physical item builds a false sense of security. Because the scammer spent money to send a physical object, you assume it’s a legitimate shipping error or a gift.

The Trap: When you scan the QR code, you aren't taken to a gift message. Instead, you are directed to a spoofed website designed to steal your Amazon, Google, or banking credentials. In some cases, the site may attempt to install "malware" on your device to track your keystrokes.

How to Protect Yourself

  • Stop Before You Scan: Never scan a QR code from an unknown source. Treat a physical QR code with the same suspicion you would a link in a "spam" email.
  • Verify the Source: If you suspect it’s a gift, contact friends or family via text or phone—do not use any contact information provided inside the package.
  • Don't "Return to Sender": If there is a return address, it's often fake or belongs to another victim.
  • Inspect the Packaging: Look for "TOSS" (Terms of Service Scam) indicators like broken English, blurry logos, or a lack of a packing slip.
  • Check Your Accounts: Log in to your shopping accounts (Amazon, eBay, etc.) via their official apps or websites to check your "Orders" history. If it's not there, the package is a scam.
  • Secure Your Data: Receiving these packages means your name and physical address are likely on a "sucker list" from a previous data breach. Now is a great time to update your passwords and enable Multi-Factor Authentication (MFA).

Note: According to the FTC, if you receive unordered merchandise in the mail, you have a legal right to keep it as a free gift. You are under no obligation to pay for it or return it. Just be sure to throw away the QR code!

Was this article helpful? Yes | No

Article Details

Article ID:
30
Category:
Cyber Security
Date added:
December 29th, 2025, 4:31 pm
Views:
4
Rating (Votes):
(0)