Summary – Key Takeaways

• Brushing scams appear harmless, but they rely on stolen personal data to create fake “verified” purchases and reviews.

• Scammers often obtain your details through fake job offers, social engineering, or recruitment into fake review schemes.

• Once they have your data, it can be sold or reused, pulling you deeper into targeted scams even if you never accept the job.

• Brushing scams help companies manipulate online marketplaces, giving their products artificial credibility and higher rankings.

• Some scammers add QR codes to packages, leading to phishing sites that capture even more personal information or attempt to steal money.

• Every online interaction leaves a data trail, and scammers exploit this to build profiles that increase the effectiveness of their schemes.

• Recognizing the signs of brushing scams and being cautious of suspicious packages, offers or QR codes can help you stay protected.

1. What Is a Brushing Scam?

To be clear, this article is not about whether toothbrushes are a scam. I'll leave that to your dentist. However, dive with me into the world of brushing scams where disreputable companies and their agents use you to brush up their financials.

Brushing scams gained popularity in recent years and to some, the economics of the scam have remained a mystery. Why would someone go out of their way to pay both for an item, and then to pay also, to send the item to me. Just for the sake of a fake review. When we think about it, the cost benefit analysis must have been taken by the scammer for them to decide that the marginal revenue they gain from each fake review is greater than the cost of buying and shipping that item to you. This is what makes the brushing scam so unique. It combines two scams in one. Fake reviews are a scam in and of themselves, and now when you add this aspect of targeted scamming based on stolen data. We can come to understand some of the deeper dynamics at play with regards to scams and organized criminality.

2. How a Brushing Scam Works (Step-by-Step)

First, let's unpack the brushing scam! A brushing scam occurs when a scammer steals your personal data from the internet. Specifically, your name and address. Using this information, they send you packages from any company. This company has paid for their services. The service the scammer sells to the company is “fake reviews” to boost online ratings. When the company pays for this service, the scammer sends you the free package so that it seems like a verified order from the company to you. Which allows the scammers to write a review using the verified order you just received. This verified order can be used to write a review for any product of the company, regardless of what was sent in the package. This is why they send often send low value items. Additionally, the scammers send the package to you as an unknown sender, often with no return address, so you can never really track down which company paid for this so-called "verified review”. It could be a company whose brands you actually trust. These companies use the fake reviews as a signalling mechanism to potential customers. Therefore the package you just received allows them to "brush up" their sales through nefarious means. Here is a breakdown of the process

This description is apt because it highlights the fact that with a brushing scam, there are 3 parties involved and not 2. It is you, the scammer, and the underhanded corporation that paid for the scammers' services.

• Is the Brushing Scam Dangerous? Myths vs. Reality

The reason this is important is because most people get it wrong when they try to understand the problem of scamming. They think that a group of scammers are trying to steal directly from you for their personal gain because they have a duplicitous character and don’t wanna work to earn their money legitimately. That is true in some cases. However, we need to understand that there is an economics of scamming. Scammers operate in organized networks and the problem is that these organized networks are not just one entity. It's a group of individuals, organizations and institutions each pursuing their economics ends but which lie at the boundary of legality. Some institutions are within that boundary and some are outside of it, yet, at some point or another, each might need the other's capabilities. This is why scams persist. There is a whole ecosystem of companies that need the scammers' capabilities / services and they buy these “services” while sometimes not even knowing that scams are part of the mechanism of delivery. The scammer scams you and the disreputable company.

A good example we can point to is Data Brokers. We all know that our data is monetized and that companies all over the world buy, sell and trade our data for whatever price they agree on. However, have we stopped to ask exactly how this data was obtained? Indeed, some of the data would have been gathered legitimately, but it is easy to see how some of it was not. This answers the question of why scammers want your data. Yes, your data is on the internet, but how does this data get verified? Scammers collect your data, verify it and find ways to sell it to whoever will buy it (including data brokers). Some of the entities that purchase this data will be legitimate corporations and some will not. All data must be cleaned and annotated. The best datasets are datasets that have some form of human validation and you can think of scammers as outsourced data validation. In the sense that it is part of their business model. It is not the only source of revenue generation, but it is one of its revenue streams. This highlights the fact that there is a wider economic ecosystem that scamming is embedded into and which is why it such a persistent problem today.

3. Why Scammers Use Brushing to Create Fake Reviews

To probe this point further, we will continue by highlighting how some people get enrolled into being these fake review providers. This is an experience that has happened to an acquaintance of the writer of this post.

• How Fake Review Recruiters Trick You Into Brushing Scams

The year is 2024 and you’re scrolling through Facebook. You jump into a group dedicated to buying and selling second-hand books when you spot an unusual post: a “work-from-home job” promising €50 a day. Curious — and always open to a side hustle — you decide to message the poster.

They reply quickly. Everything sounds legitimate. The person explains that you’ll be working for a travel company, helping match tourists with destinations that fit their preferences. Basically, a virtual travel-agent role. Nothing too strange. You hand over some basic details and they forward you to a “supervisor” who will tell you more about the job. That’s when things shift.

The supervisor reveals what they actually need from you: writing positive reviews for hotels and travel experiences on major booking platforms. Fake reviews. Suddenly, without realizing it, you’ve been recruited into an online fake-review network.

Depending on your situation — or your desperation — you might even consider taking the job. But here’s the trick: whether you accept it or not, they’ve already won. If you agree, they’ll pull you deeper into their scam and continue extracting value from you. If you refuse, they still have your personal information. Name, phone number, email, maybe even more. The only thing they don’t have is your banking info… yet.

Now imagine you had given that too.

Either way, your data is now in the hands of scammers who can sell it, trade it, or use it to run highly targeted online scams designed specifically for you. And this — the harvesting and misuse of your data — is exactly how you become a victim of a brushing scam later on.

Every click, message, and interaction you make online leaves a digital trace. Scammers exploit these fake job interactions to build a detailed profile of you, monetizing your data along the way. In a system where personal information is a commodity, your identity becomes the product. Read Europols article about how scammers monetize your data here.

• QR Code Phishing: The New and Dangerous Twist on Brushing Scams

As you can see, despite its silly name and its relatively benign nature (you receive free stuff) the bruising scam can actually be quite dangerous.! It is a scam that ties multiple aspects of shady criminal activity together and the average person can quickly become entangled in these criminal networks. Another variety of the brushing scam comes with QR code phishing. This is when scammers adds a QR code to the package that they send you. If you scan this code and click the link, you’re toast. What lies on the other side of the link can vary but you can expect that more of your data will be taken and this time your money might too.

4. What You Should Do if You Receive a Brushed Package

If you receive an anonymous package with no return address contact the delivery service to inquire about the package. From there you will either be told they will come back and pick it up or that you can keep it. Document the package and your communications with the deliverer. From there, the choice is up to you about whether to keep the package or not. But make sure you post the contents of the box on No Scam. Make sure to tag it as a "Brushing scam" in the Scam Topic section. The more we know about what's being sent the better insights we can get about the changing operations of these types of exploits. Let’s use data to fight scammers.

5. Final Thoughts on Brushing Scams and Fake Online Reviews

The reason why we phrased the bruising scam this way was to highlight another mental device that No Scam wants to arm you with to defend against scams. If you haven’t read our previous article about Temu check it out here. In that article, we outlined the idea of an attack vector. When you start thinking in terms of attack vectors, you can start to identify weaknesses in a situation that scammers can exploit. In this article, we wanted to outline the economic ecosystem behind scams. Here, you must think in terms of incentives. Whenever you are about to enter a situation that involves money or anything remotely serious, you need to think about the incentives of the parties involved. When we pause to think about incentives we recognize that there is no free lunch! If you cannot think about an economic reason why someone is offering you what they are offering, you are likely about to enter a scam. Period! From there you must be alert to understand and think about the agents at play and what they really want. When we do this, we will realize that no one has a reason to send us a box of free goods. And the more we engage the worse it will become for us.

P.s, if you have experienced other scams, post them on No Scam as well. Scammers win because we are ignorant. Let's change that.