A Jacksonville man says a tiny rolled-up mailer left in his mailbox looked like harmless junk at first glance. Inside was nothing but an empty plastic liner and a printed QR code, and he admits he almost scanned it. Now the odd delivery has neighbors on edge as similar mystery packages surface across the country in what consumer watchdogs say is a growing “brushing” scheme.
Speaking with Action News Jax, Danny Grabill said he initially shrugged off the packet as spam. After he Googled the sender name “Davve Garzaz,” though, he said he found hundreds of similar complaints from people across the United States who reported receiving the same kind of small, often empty mailers.
How the QR-Code Brushing Scam Works
Brushing is a tactic where shady sellers send out unsolicited products so they can post bogus “verified purchase” reviews tied to real addresses, according to the U.S. Postal Inspection Service. In this version of the scam, the mailer includes a QR code that can lead to a site designed to harvest personal information or load malicious content. The FBI warns that scanning QR codes from surprise packages can trick people into handing over login credentials or installing malware, and urges anyone targeted to report it to the Internet Crime Complaint Center (IC3).
Reports Tied to the Same Sender Are Popping Up Nationwide
Consumer complaint sites are filling up with stories that sound a lot like Grabill’s. People describe nearly identical lightweight mailers, similar return addresses and slightly scrambled sender names. The Better Business Bureau Scam Tracker lists multiple recent complaints linked to names like “Davve Garzaz.” Action News Jax also quoted BBB CEO Holly Salmon, who said the bureau has “seen a huge influx” of these cases, including what she described as more than 2,000 people reporting similar packages in just the last month.
What To Do If You Get a Suspicious Package
Authorities are clear on the first step: do not scan a QR code from any package you were not expecting, and do not type in or share personal information if you already clicked a link from one. The U.S. Postal Inspection Service advises consumers to lock down account passwords and notes that recipients are legally allowed to keep unsolicited merchandise. The FBI recommends filing a report with the IC3 if you scanned a suspicious code or entered any sensitive information.
If there is even a chance your financial data was exposed, officials say you should reach out to your bank, change passwords and enable two-factor authentication on any potentially affected accounts…