Brookfield police are warning residents about unsolicited packages that may arrive with electronic devices capable of exposing personal information if plugged into a computer.
The scam is known as “brushing,” a scheme in which packages are sent to people who never ordered them. Some versions are used to create fake verified online reviews, but police said some packages may contain electronic devices that create a cybersecurity risk.
According to News 12, Brookfield police said unknown devices could contain malware and expose personal information if connected to a computer.
If something arrives that was never ordered, do not plug it into a computer, phone, tablet, or any other electronic device.
The Package May Be Part Of A Fake Review Scheme
View this post on Instagram
Brushing scams often start with sellers sending cheap items to real addresses so they can create fake online orders and post fake verified reviews.
The recipient may wonder why the package arrived, but the shipment can also mean someone already has the person’s name and address. The U.S. Postal Inspection Service says brushing scams have also evolved to include QR codes that claim to reveal who sent the package or provide more information about the item.
That same curiosity can make people scan a code, open a link, or connect a device that should have stayed in the package.
The Device Is The Dangerous Part
Brookfield police said some unsolicited shipments may contain electronic devices that pose a cybersecurity risk.
If plugged into a computer, police said malware could expose personal information. That could include login details, financial information, private files, or other data stored on the device or accessible through the computer.
Any unknown USB drive, charger, memory device, cable, adapter, or small electronic item should stay unplugged unless the sender can be verified through a source the recipient finds independently.
QR Codes Can Create The Same Problem
The Federal Trade Commission has warned about unexpected packages that include QR codes. The code may claim to show who sent the gift or provide more details about the company.
The FTC says scanning an unknown QR code can send people to a phishing website that steals usernames, passwords, credit card numbers, or other personal information. It could also download malware onto the device.
The U.S. Postal Inspection Service gives the same warning for brushing packages: do not scan a QR code that arrives with an unordered item, and do not enter personal or financial information on a website reached through that code.
What To Do If One Arrives
Anyone who receives an unordered package can check their shopping accounts first, including Amazon, Walmart, eBay, Temu, TikTok Shop, or any retailer they use regularly, to make sure no order was placed without permission. If an account shows no matching order, the package should be treated as unsolicited.
The recipient should keep the label, tracking number, sender name, and packaging long enough to report the shipment to the retailer or delivery company. If the package appears to come from an online marketplace, the report should go through that platform’s official website or app, not through a QR code, phone number, or link inside the package.
If an unknown device was already connected, the next steps should happen from a separate trusted device: change important passwords, turn on multi-factor authentication, check bank and credit-card activity, and contact a trusted IT professional if the computer may have been exposed. Suspicious activity can also be reported to the FTC at ReportFraud.ftc.gov.
The package may look like a mistake or a free gift. Brookfield police say anything electronic inside it should stay unplugged.