Who knew there was a name for it? I suppose that makes it easier for headlines and reporting, but this one you didn’t even see there. I first heard it when it popped up in the middle of a followup news story. “It’s called brushing,” the helpful reporter helpfully reported. Of course now it’s all over the place.
You remember those seeds people would find in the mail. Seeds from China not ordered yet delivered to mailboxes across America. In the third month of wide spread quarantines due to COVID, mysterious packages from China weren’t received with the awe and elation one might more typically express at finding surprise packages under a tree in December. It turned out the seeds were just that. Seeds. Mostly flowers, some herbs. Just seeds. And it turned out that just seeds weren’t just the only things showing up in mailboxes. People reported receiving sunglasses, stickers, speakers, and socks. The common factors in all these, besides the items starting with “s,” were the absence of any sender documents, invoices, or packing slips, and they weren’t ordered by the people receiving them.
“It’s called brushing.” It’s also not new. Last year multiple claims of unordered items being received were reported to Amazon as were they also in 2018. The earliest report of the scam I found was in October of 2017 and I wasn’t working that hard to find any. By then it appeared to be already very well established and a common practice in e-commerce. According to the Better Business Bureau brushing is the practice where a company, usually a third-party seller, sends items to an address that they found online or from a purchased mailing list. The intention is to make it appear as though a verified buyer purchased the product and wrote a glowing online review of the merchandise. This not only increases product ratings but since the item is actually “purchased” it increases the company’s sales leading to more contracts for the third party handler. Typically they are cheap items small enough that can be shipped inexpensively.
Representatives from various agencies and organizations including the BBB, the Federal Trade Commission, and the U. S. Postal Service recommend that if you receive an unordered package to contact the retailer or shipper if identified on the label and report that you have been the victim of the scam, and in the case of seeds or edible products to forward the package to local authorities or the United States Department of Agriculture. According to the FTC if you decide you want to keep the item you can because it is in its opinion a “free gift.”
Where is the downside except for the long shot possibility that a seed could turn your backyard a Little Shop of Horrors clone? For one, the one that all the experts keep bringing up, how did the sender get your name and address? Face it fellas, our names and addresses aren’t secret. I couldn’t begin to count the number of companies, agencies, clubs, and services that have my name and address. Of more concern that nobody mentions is this third party seller is posting a review in your name and that can’t be done unless you are signed into the site. Suddenly the recommendation everyone makes to change your passwords, even though they don’t say why, is making more sense.
And now finally after about five hundred words on brushing I get to the point of today’s post. Just how secure can we make our information even changing passwords and security questions on a regular basis. (By the way, those security questions – does anybody lie about them? Wouldn’t that make more sense? I mean if they are the last line of defense and somebody has already cracked your 23 character upper and lower case, number and special character containing password that you change every 4 days, surely they know what street you grew up on. But I digress.)
Banks and security, they don’t go together like pork and beans. I thought of this last week when my daughter told me her credit card issued by a local bank was used by someone to subscribe to some ongoing monthly service. She discovered this while she was reviewing her monthly statement. She contacted the vendor, confirmed the fraudulent charge, contacted the bank and was issued a new card, along with being issued the routine “change your password, PIN, and security questions” instructions. Because that card was one she used for some of her own recurring monthly subscriptions and payments she would have to reenter all that information in those sites. She recieved her new card and began the process of updating payment information when she noticed a vendor already had the new numbers on her profile. Thinking she had just done that and forgot she moved on to another and found their information had been likewise updated. This prompted a new call to the bank and she was informed that “as a service” the bank routinely provides the new information to recurring payment vendors. She reminded them her account had been compromised by way of a recurring payment vendor and asked if they thought was the best course of action to be distributing people’s private information. The response was “most people appreciate not having to go through all that work.”
Now that was the real brush off.
The Real Reality Show Blog 
Oh dear! I’m not sure I’d stay with that bank!
Also, clever idea of yours about lying on those security questions. Creating the answers could be fun. 😉
Yeah, banks seem to be getting squirrellier (squirrellyer?)
And yes, yes, coming up with some custom answers to go with those insecurity questions could be fun. You might have given me an idea for a new post!
Yes, yes, run with that idea!
Don’t touch that dial!
I consistently lie on all security questions — like anybody’s going to know my first pet’s name was Hazel — Oops! cheers
What a great idea! Thank you.
I feel left out: I didn’t receive any seeds, socks, speakers or even a pair of cheap sunglasses 😦
Me neither. You’d think for as many lists as I know I’m on based on the amount of junk mail, real and electronic, I’d have gotten at least a pack of seeds. Sheesh!