CHAMBERSBURG – The Chambersburg Police Department is releasing the following scam awareness alert issued by the FBI Internet Crime Complaint Center.
Officers said unsolicited packages containing QR codes have been used to initiate fraud. Criminals send unsolicited packages containing a QR code that prompts the recipient to provide personal and financial information or unwittingly download malicious software that steals data from their phones, police said.
To encourage the victim to scan the QR code, the criminals often ship the packages without sender information to entice the victim to scan the QR code. While this scam is not as widespread as other fraud schemes, the public should be aware of this criminal activity.
This is a variation of a “brushing scam,” which is used by online vendors to increase ratings of their products. In a traditional brushing scam, online vendors send merchandise to an unsolicited recipient and then use the recipient’s information to post a positive review of the product.
In this variation, the FBI alert said, scam actors have incorporated the use of QR codes on packages to facilitate financial fraud activities.
The officers noted criminals continue to evolve their tactics to target unsuspecting victims. Precautions should be taken prior to scanning any QR codes received through unsolicited communications or packages. Beware of unsolicited packages containing merchandise you did not order. Beware of packages that do not include sender information.
Take precautions before authorizing phone permissions and access to websites and applications. Do not scan QR codes from unknown origins.
Police noted, if you believe you are the target of a brushing scam, secure your online presence by changing account profiles and request a free credit report from one or all the national credit reporting agencies (Equifax, Experian and TransUnion) to identify possible fraudulent activity.
The FBI requests the public report these fraudulent or suspicious activities to the FBI IC3 at www.ic3.gov. Be sure to include as much information as possible: The name of the person or company that contacted you. Methods of communication used, including websites, emails and telephone numbers. Any applications you may have downloaded or provided permissions to on your electronic device.
