Tech Made Simple

Hot Topics: CES 2025 | How to Fix Bluetooth Pairing Problems | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

FTC Warns of Dangerous Scam Tied to Anonymous Surprise Packages

by Suzanne Kantra on January 23, 2025

Last year, I received a package containing an electronic water fountain for cats that I didn’t order (I don’t have a cat). There was no return address and no note. This was an example of a "brushing" scam, where shady companies send unordered packages to people and using that person's information to post fake product reviews.

Now, the FTC is warning of a new variation on this scam that ups the ante by using QR codes to direct unsuspecting victims to malicious websites. For example, you might scan a code included in the box expecting to learn how to return it, only to land on a convincing but fake shipping company or retail website. There you might be tricked into entering personal or credit card information that could lead to fraudulent charges or identity theft, or even into downloading malware.

And QR codes are often more dangerous than clicking a link because you can’t see where they lead until it’s too late. If there had been a QR code in my package promising to reveal who it was from or how to return it, I might have been tempted to scan it.

An open box with a piece of paper with a QR code on it.

How did the scammers get your information?

Receiving an unexpected package suggests that your personal information, such as your address, may already be compromised. Scammers often obtain this information through data breaches, phishing schemes, or other means. At this point, it's safe to assume that all of our basic demographic information is floating out there on the web somewhere.

Read more: Google Rolls Out Free Dark Wb Monitoring Tool

How to protect yourself

Here’s how to safeguard your personal information if you receive an unsolicited package with a QR code:

  1. Don’t scan the QR code: Treat it like a suspicious link. If you’re curious, try researching the package’s origin using other identifiers on the package, such as tracking numbers.
  2. Secure your accounts: If you scanned the QR code and entered account information, change your password immediately. If you use that password across multiple sites, change those passwords too.
  3. Monitor your credit reports: If you scanned the QR code and gave away any personal information, look for unauthorized activity that might indicate identity theft. And consider adding a credit alert or credit freeze. Find out more in our story The Best Way to Prevent Identity Theft.
  4. Report the incident: Report the scam to the FTC at ReportFraud.ftc.gov.

QR codes give scammers an easy way to direct victims to harmful sites. If you receive an unexpected package, resist the urge to scan the code. Letting curiosity go unsatisfied is far better than risking your personal and financial security.

[Image credit: Techlicious/Midjourney]

Topics

News, Computer Safety & Support, Blog, Privacy


Discussion loading

Our Latest Reviews

New Articles on Techlicious

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.