The viral "QR brushing scam" has everyone freaking out: What is it?

Man loses ₹41 Lakh to ‘IPO Gurus’: Here’s how you can stay safe

Use these AI prompts to bag a fatter paycheck at your next job

Students in 2025 swear by these 3 AI hacks to study smarter, not harder

Samsung Galaxy Watch 8 ASMR unboxing – Slimmer, smarter, sleeker

ChatGPT-5 explained: 45% fewer hallucinations, 80% smarter

Windows wants you to ditch your keyboard & mouse by 2030

Genie 3 by DeepMind is the wildest AI yet that can build whole 3D worlds

GPT-5 might just drop soon, and the internet’s already spiralling

ChatGPT to get smarter about emotions, will start 'caring' about users

Tech

Mehul Das

18 AUG 2025 | 12:53:45

There’s a new scam doing the rounds in the US and certain parts of Asia that’s making even the FBI nervous. And if you own a smartphone, you’re already a potential target.

Forget those boring old spam calls and phishing links; this new trick by scammers is all about mystery packages and QR codes, and it’s catching people off guard.

What’s the deal with these mystery packages?

So here’s how it plays out: you get a package out of nowhere, and it’s got your name on it, but you never actually ordered anything.

Now, here comes the twist: there’s no sender info, no return address, just a box with some rubbish junk inside, and a QR code, either on the address label. or on a pamphlet inside the box.

Now, the label or pamphlet will say to return the package or get in touch with the sender, scan the code. Most people can’t help themselves—they scan the code just to figure out what’s going on.

And that’s exactly what the scammers want.

How scammers are flipping the classic “brushing” scam

This is a next-level spin on the old brushing scam, where dodgy sellers would send you random stuff just so they could use your details for fake product reviews. Now, instead of chasing five-star ratings, cybercriminals are planting QR codes in these surprise parcels.

When you scan one, you could be asked to fill out forms with your personal details, or worse, the code could secretly install malware right onto your phone.

Best case scenario is that they find their way into your social media accounts. However, they can also hack their way into your bank accounts, credit cards, crypto wallet, and emails. Moreover, this also gives them access to your most private and personal data.

Here’s how to keep your info safe

Luckily, dodging this scam is easier than you might think. If you ever get a package you didn’t order, and it has no info about who sent it, do not scan any QR codes inside.

Treat random deliveries like they’re suspicious, not exciting. Do not try to get in touch with them, and don't even try Googling them. Chances are Google will push Gemini on to you, and while that would have been okay otherwise, hackers have already found ways to spam Google Gemini.

And always think twice before granting apps or websites access to anything on your phone.

If you suspect you might have already scanned something shady, the best move is to update all your passwords, check your credit report for weird activity, and secure your logins.

Curiosity might have killed the cat, but it doesn’t have to empty your bank account. Stay alert, and don’t let a surprise delivery catch you off guard.

tech