Police Warns: Beware of the Brushing Scam Using QR Codes on Packages

By: Fatima P.Last updated:February 17, 2025

It’s become second nature to many of us by now to scan a QR code. It’s easy, convenient, and a no-brainer to actually do. In fact, most of us don’t think twice about scanning one.

But this does not come without risks. With increasing cases of scams, authorities are urging people to be more vigilant about scanning QR codes, especially since there’s rising cases of brushing scam using QR codes on packages.

Akron Police Department posted a high alert warning on their Facebook page, regarding the several cases of ‘brushing’ scam in packages sent to your home unwillingly. These gifts contain QR codes that the recipient needs to scan to find out who sent the gift.

Due to the nature of this scam, the gift often does not have the sender’s address, only the recipient's. It feeds on the recipients’ curiosity, who scan the QR code to find out who is supposed to be the ‘gift-giver.’

“A lot of these scams have just moved online and become technologically advanced,” said TrustedSec Advisory Solutions Director Alex Hamerstone.

Brushing: Traditionally used to inflate good reviews, now a scam to pry on your data

Brushing scam on packages

The term ‘brushing’ refers to the practice of online retailers generating a lot of positive reviews and being highly rated sellers of certain products in the market.

They'll sell the product at a very cheap price to themselves and ship it just to a random address,” said Hamerstone.

Essentially, these sellers ship products to buyers, which are technically still themselves, using the account of their friends, families, or relatives, to artificially inflate the reviews of their products and their store.

Then, they take advantage of the rising popularity of product packaging QR code by copying the same placement of the code on boxes.

The new brushing QR code scam uses a variation of this tactic to pry on your data. It sends a gift to your address—be it through a random selection or accessed from a previous data breach.

Scanning this QR code can expose your personal and financial information stored in your phone, including mobile banking, IDs, login credentials, and more, to scammers.

What you should do if you receive an unsolicited gift ‘brushing scam’ QR code

QR code safety tips

The creation of these scams revolving around QR codes are rampant due to how easy it is to generate these codes using a QR code maker online.

While this software is developing more secure features, malicious actors are still finding ways and loopholes to create scams. And as much as a free QR code generator offers security, it’s imperative to practice due diligence to prevent falling for these scams.

Akron Police encourages everyone to not panic if you ever receive these unsolicited gifts. In fact, by law, you can keep the item, if there’s any, that came along with your gift.

At the same time, Hamerstone warns everyone that it should always come as a red flag if the sender information isn’t specified. If there’s a QR code that compels you to scan to discover who sent the gift, don’t scan it at all cost.

“Generally, if you didn't order the package, you should not be following the QR code,” said Hamerstone.

What you should do if you scan the QR code scam

If you happen to scan these QR codes, take quick action by changing all the credentials of the account logged in on your phone. This way, there’s less to no chance that the credentials they hacked will be used to login to your account.

Moreover, call your bank to lock all your accounts, both debit and credit. This way, scammers won’t be  able to make unauthorized transactions, leading to financial losses on your part.

It’s also practical to reinforce your device’s security by updating security patches and downloading antivirus software from a credible brand. It may also be a wise decision to invest in a paid antivirus plan to get more comprehensive security.

As a rule of thumb, “Don’t scan QR codes that are not in expected places,” said Hamerstone.

Some consumers confirm they are likely to fall for this ‘brushing’ scam

Chloe Eaglowski, a consumer in the community, is  much concerned about this scam as she confirmed she is very likely to fall for this scam.

“I would totally fall for that for sure. Like I get random packages to my apartment all the time, so that’s kind of crazy,” Eaglowski said.

“If you get an email from somebody you don’t know where it came from, you shouldn’t open it or download any of the documents that it came with because that’s how other scams happen as well,” Michael Osickey, one of the consumers, also noted.

Akron Police Department hasn’t recorded or confirmed any current victims of these scams, but they remain on high alert if one of these ever happens in the community.