ESET: Even the arrival of an unexpected package can be an internet scam

By: Trademagazin Date: 2026. 03. 06. 10:41

🎧 Hallgasd a cikket: Nyelv: Sebesség: 1.05×

Cybercriminals are increasingly using unexpected packages to scam people, and while the arrival of an unsolicited package may seem like a lucky coincidence at first, the background is often a sophisticated online fraud, the so-called brushing scam – warn cybersecurity experts from ESET.

According to a statement from ESET, an international supplier of business and home security software solutions, global e-commerce turnover exceeded 6.4 trillion dollars in 2025 and a significant portion of purchases are now made on online marketplaces. Although well-known, widely used and highly-reviewed platforms are convenient and mostly safe, they are also targets for fraud and abuse.

The announcement quotes István Csizmazia-Darab, cybersecurity expert at Sicontact Kft., which distributes ESET products, who said: in a brushing scam, a criminal posing as a seller sends a low-value product to a real, unsuspecting recipient, solely in order for the transaction to appear on the marketplace as a “real purchase” and thus a fake, five-star rating can be attached to it.

The fraudsters use names and addresses from data thefts or public sources to create fake user accounts. They “purchase” their own product, send the package to the victim’s address, and then write a positive review about it, artificially improving the product’s reputation. According to surveys, Amazon, for example, blocked more than 275 million fake reviews in 2024 alone.

The expert added that brushing scams are not just about circumventing customer review systems; the fact that someone becomes a target may indicate that their personal data has already appeared in cybercriminal circles, and the fraudsters may be preparing a larger misuse of the data.

The packages can often also contain a QR code leading to a phishing page, which, for example, tries to get the user to install malicious software. In addition, a very important consequence is that such frauds undermine trust in online marketplaces in the long term, he said.

According to the statement

It may be suspicious if someone receives a package from the sender who did not order anything, or if, for example, the sender’s designation is incomplete or unclear, or if there is a QR code on or in the package.

Experts advise that in such cases, the user should make sure that it is not a gift from family or friends, and if it was not sent by them, they should not accept the package. Do not scan QR codes found in unsolicited packages. When an unexpected package arrives, check your bank account and bank card transactions, and notify the affected marketplace of the fraud.

According to experience, the key to prevention is the protection of personal data. According to ESET experts, users should regularly change passwords, use unique passwords, two-factor authentication, and use a passcode for logins. It is also important to share as little personal data and information as possible on social media, because they can easily become victims of fraud.

István Csizmazia-Darab emphasized that it is worth using protection software that not only filters out malware and blocks suspicious websites and phishing attempts, but also scans thousands of websites – including the dark web and black market chat rooms – and recognizes and notifies users if their personal data has fallen into unauthorized hands.

ESET’s free cybersecurity podcast, where a police expert also talks about the methods of fraudsters, can help increase user awareness and prevent fraud. on the role of defense.