People could end up getting strange deliveries they never asked for (stock image) (Image: Getty)
In a world of online shopping, it is possible to get almost anything delivered to your door – from clothes and tech to food and more. But when items you didn’t order start showing up, experts say it should raise a serious red flag about the possibility of your data being stolen.
Anyone who finds a suspicious parcel at their door should not open it; instead, they should report it, experts advise. It is could be that someone is using your name, address and more to carry out a sinister scheme.
Explaining the suspected process, consumer group Which? said: “A seller on a site like Amazon, eBay or AliExpress gets access to your details, likely through a data breach, and ‘buys’ a product in your name. When it arrives at your home, the website sees this as a legit purchase, allowing the scammer to leave a fake, but glowing, review in your name.”
Experts believe this is done “at scale”, sending “cheap and rubbish products” to homes that people never asked for. It is thought that this is all to help boost their seller ranking, sending their products up to the top of search feeds when people actually want to buy from them.
This may seem like no real harm is being done, since homeowners aren’t losing any of their own money as part of this scheme. But, the sinister part sometimes lies inside the box itself. Which? claims: “Sometimes the boxes will contain a QR code.
“If you scan that with your phone, it could take you to a malicious website or download malware to your device. Even if it doesn’t contain [a QR code], an out-of-the-blue parcel of any kind could be a sign that your data has been stolen.”
What should I do if I think this may be happening to me?
Firstly, people who receive any parcels addressed to them that they haven’t been expecting should report it to the website that sent it. People should also check their credit file for any accounts they do not recognise, as this could indicate where the parcels are coming from.
Which? also suggested that people put their email address into a free website (haveibeenpwned.com). This runs a check on your address to see if it has appeared in any data breaches, providing details of the rough time these breaches occurred and what data was compromised – including names, usernames, email addresses and passwords.
It may also be worth checking that passwords you do use for accounts are “strong and unique”. The specialists suggested that using a password manager tool could also help, as these generate long, individualised and complex passwords and remember them for you.
In other news, experts have recently issued a warning to people using sites to make a reservation. The alert comes after booking.com was recently hit by a data breach.
Hackers stole customer data from the provider. Concerns have been raised that scammers could use the data to try to dupe people into handing over money. The criminals accessed booking details including names, email addresses, and phone numbers – and some customers have already reported receiving suspicious messages.
A spokesperson for Booking.com said about the incident: “At Booking.com, we are dedicated to the security and data protection of our guests. We recently noticed some suspicious activity involving unauthorised third parties being able to access some of our guests’ booking information.
“Upon discovering the activity, we took action to contain the issue. We have updated the PIN number for these reservations and informed our guests. We can confirm that financial information was not accessed from Booking.com’s systems, or physical addresses. We always encourage our guests to remain vigilant to potential phishing attacks.
“Booking.com will never ask guests to share credit card details by email, over the phone, WhatsApp or text, or ask guests to make a bank transfer that is different from the payment policy details in their booking confirmation.”