Have you had an Amazon package you didn’t order?

Jul 11 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s waiting for the cybercriminals to do something useful for once and reveal the identity of the suspended BBC presenter ????????????????

Today’s hottest cyber security stories:

  • ???? Surprise Amazon Packages in the UAE? It’s a Brushing Scam! ????

  • ???? Beware, Android Users! Spyware Apps Sneakily Collecting Your Data! ????

  • ???? Apple issues urgent patch for iOS, iPadOS, macOS, and Safari ????

Scammers are brushing up their skills ????????

We’ve got a bizarre mystery on our hands. Picture this: you’re going about your day, and suddenly, an unexpected Amazon package arrives at your doorstep. But here’s the twist—it’s something you never ordered! ????

Curious and a tad concerned, we dug deeper into this enigma. Arabian Business took the case to the Amazon detectives to unravel the secrets behind these unsolicited deliveries. Let’s get to the bottom of it, shall we?

According to Amazon’s statement, these peculiar incidents are part of a notorious “brushing scam.” How does it work, you ask? Well, here’s the scoop: sneaky third-party sellers are sending packages to random folks using publicly available names and addresses. ????????

But fear not, intrepid readers! We’re here to shed some light on this puzzling situation. Amazon is on the case, and while these incidents are indeed peculiar, they assure us that it’s not a direct threat to your privacy or security. Sure. ????️‍♀️????

Here’s how a brushing scam generally works:

Personal information acquisition: The scammer obtains a person’s name and address, usually through various means such as data breaches, public directories, or even social media.

Creation of fake accounts: The scammer then creates fake accounts on e-commerce platforms where they sell their own products.

False purchases: The scammer uses these fake accounts to place orders for their own products using the addresses they obtained. They pay for these orders themselves, often using stolen credit card information or other illicit means.

Delivery of unsolicited packages: To make the scam appear legitimate, the scammer ships the products to the addresses they acquired. The recipients, who are often unaware of the scam, receive unexpected packages at their doorstep.

Fake reviews: After the packages are delivered, the scammer writes positive reviews on their own seller accounts using the names of the unsuspecting recipients. This helps boost their ratings and increase their visibility on the e-commerce platform.

What Amazon says:

“At Amazon, we are relentless in our efforts to detect and prevent abuse from impacting customer experiences. Sellers are prohibited from sending unsolicited packages to customers. When a case arises, we investigate reports of “brushing” and work to take the appropriate action on bad actors that violate our policies, such as suspending or removing selling privileges, and withholding payments.

“If customers have received unsolicited packages, we encourage them to report this to our customer services team so that we can investigate and take the appropriate actions,” a spokesperson told Arabian Business.


If you receive a package that you didn’t order, don’t freak out! They’re only trying to boost their positive reviews, albeit in a fraudulent and invasive manner. Simply report it to Amazon and let them deal with it. Happy shopping!


Join Discord


Quick word from our sponsors today – ZZZ Money Club

I came across ZZZ money club during the crypto market bull run, even during the bear market this discord group have been amazing at giving information on projects and ways to make passive income in various ways.

The group are very active and everyone in this private discord group is very chatty and helpful.

Its run by Yourfriendandy and Decadeinvestor, you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group you can through the link below.




Spyware did you send my data?! ????

We’ve got a serious security alert for all you Android aficionados out there. Brace yourselves, because two seemingly innocent file management apps on the Google Play Store have been unmasked as sneaky spyware! Talk about a digital double-cross! ????️‍♀️????

Thanks to the vigilant folks at Pradeo, a leading mobile security company, this alarming infiltration has come to light.

Here’s the scoop: these devious apps, File Recovery and Data Recovery (com.spot.music.filedate) with a whopping 1 million instals, and File Manager (com.file.box.master.gkd) with over 500,000 instals, are all the handiwork of the same group. Sneaky, sneaky! ????️‍♂️

What’s even more sneaky is that these apps automatically launch when your device reboots, without any input from you. It’s like they’re secretly plotting behind your back! ????

On top of all this, the data is apparently being sent to China. As if they don’t get enough data from the West via TikTok. Geez!


So, dear Android enthusiasts, stay on high alert! Make sure you’ve uninstalled these rogue apps from your device, pronto.

Keep a keen eye on the permissions requested by any app you download, and be cautious of apps that claim to be innocent but end up being privacy pirates. Your personal data deserves to be protected like the treasure it is! ????????

????️ Extra, Extra! Read all about it ????️

Each week, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • ???? Millionaire Habits’s: Learn how to steal the simple habits of millionaire in 3 minutes or less straight from your inbox

  • ???? Bot Eat Brain: Teaches how to harness the awesome power of AI whilst avoiding common pitfalls.

  • ???? Stand the f*ck out: Anxious about AI, wary customers, and rising competition? This on-trend newsletter could be just the ticket.

Let us know what you think!




How do you like them, Apple?

Apple has issued an urgent patch for a zero-day flaw in its iOS, iPadOS, macOS, and Safari products.

FYI: a zero-day vulnerability is an undiscovered flaw in an application or operating system, a gap in security for which there is no defence or patch because the software maker does not know it exists—they’ve had “zero days” to prepare an effective response.

The WebKit bug, catalogued as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted web content.

Nice, quick response from Apple but, even still, it did warn that it’s “aware of a report that this issue may have been actively exploited.”

Uh, oh, spaghetti-o. Stay safe, folks!

So long and thanks for reading all the phish!

Recent articles