• The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!
  • TUG started 31 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Read about our 31st anniversary: Happy 31st Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    Free memberships for every 50 subscribers!

    Visit TUG on Youtube!
  • TUG has now saved timeshare owners more than $23,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $23 Million dollars
  • Wish you could meet up with other TUG members? Well look no further as this annual event has been going on for years in Orlando! How to Attend the TUG January Get-Together!
  • Sign up to get the TUG Newsletter for free!

    Tens of thousands of subscribing owners! A weekly recap of the best Timeshare resort reviews and the most popular topics discussed by owners!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    All T-shirt options here!
  • A few of the most common links here on the forums for newbies and guests!

Beware of the latest Brushing Scam

Dane2

Guest
Joined
Nov 18, 2023
Messages
6
Reaction score
2
Resorts Owned
Tahiti Village
A “brushing” scam is when someone receives an unexpected gift or item not ordered in the mail from a place like Amazon or another company. Examples of gifts include rings, bracelets, necklaces, Bluetooth speakers, etc. The gift will have the recipient’s address, but not include the sender’s information or be from a known retailer. When the recipient opens the package to see what it is and possibly who sent it, there is a QR code to scan to find out who sent the gift.

Once the code is scanned, all the information from that phone will be sent to scammers. They receive all access to the phone. All personal and financial information is accessible to the scammers and often the victim’s bank accounts are drained.

The gift can be kept or thrown away, but the QR code should NOT be scanned for any reason.
 

clifffaith

TUG Member
Joined
Feb 24, 2016
Messages
6,348
Reaction score
8,539
Location
San Juan Capistrano, CA
Resorts Owned
Formerly: Marriott, ILX, Westin, Diamond, Worldmark. Timeshare free as of 12/24.
Now if I can just keep Cliff from sending money when our packages “are stuck in customs”. I knew something was going on at dinner Thursday when he pulled a credit card out as we waited for our food, then when we got back to our apartment there was a message from (presumably fake caller ID) Synchrony bank at the exact time asking him to push particular buttons. My suspicion is that he also entered our home phone number when scammers expected him to use cell phone number. This percolated in my mind for a couple hours and when he went to bed I snooped and found the scam message on his phone. I cancelled cards Thursday night and new ones arrived yesterday.
 

dioxide45

TUG Review Crew: Expert
TUG Lifetime Member
Joined
May 20, 2006
Messages
50,964
Reaction score
22,451
Location
NE Florida
Resorts Owned
Marriott Grande Vista
Marriott Harbour Lake
Sheraton Vistana Villages
Club Wyndham CWA
Seems farfetched that a QR code could completely unlock a phone and send all the data.

the USPS does not mention that.

I was thinking the same thing. Just like the supposed "say yes" scam. Not aware of any confirmed reports that anyone has fallen victim to this.

Visiting a malicious website could be a problem, but I don't think a website alone can execute any code like this on a modern smart phone. Perhaps it asks you to install an app? But still, it wouldn't send all your data.
 

RX8

Timeshare Scam Investigator
TUG Member
Joined
May 5, 2011
Messages
4,395
Reaction score
4,961
Resorts Owned
HGVC and DVC
Seems farfetched that a QR code could completely unlock a phone and send all the data.

the USPS does not mention that.


I was thinking the same thing. Just like the supposed "say yes" scam. Not aware of any confirmed reports that anyone has fallen victim to this.

Visiting a malicious website could be a problem, but I don't think a website alone can execute any code like this on a modern smart phone. Perhaps it asks you to install an app? But still, it wouldn't send all your data.
You are both correct. The below quote is from the website Snopes about the brushing scam. While they confirm the brushing scam is real, they labeled the QR piece of it as false.

“However, specific claims made in some of these warnings exaggerate the capabilities of QR codes. The mere act of scanning a QR code does not by itself trigger immediate consequences such as compromised phones, stolen personal and financial information or drained bank accounts. Typically, scammers require further steps from their victims to acquire personal and sensitive information.”
 
Top