Got An Unexpected Amazon Package With a QR Code? Police Say it’s a Scam

Police in the US are once again sounding the alarm about brushing scams.

The scam begins as a typical brushing scam, but fraudsters use Amazon branding to deceive recipients.  You don’t remember ordering anything, but your name and address are correct. Inside, there’s a small item or just a note and a QR code telling you to scan it to “find out who sent this gift” or “confirm delivery details.”

This exact scenario is being used in a new scam designed to steal personal and financial information.

How the Scam Works in 2026

Scammers send unsolicited packages with the Amazon logo to create instant trust. The label includes your name and shipping address. The kicker? The package includes a QR code. It might claim to:

• Reveal who sent you the package
• Give you gift cards or cash gifts in exchange for a good review
• Report wrong delivery

At first, there’s nothing threatening about it. But once you scan that code, you’re redirected to a malicious website.

This is what can happen:

• You may land on a fake Amazon page asking you to “verify” your account  by entering your login information
• In some cases, you could be encouraged to download something to your phone.

If you enter your credentials, scammers can capture them immediately. If you download something malicious, they may gain access to sensitive information stored on your device, including banking details.

That’s how a “mystery gift” can quickly turn into unauthorized charges or drained accounts.

What to Do If You Find An Unexpected Package At Your Door

• Don’t scan the QR code
• Don’t enter any information on sites linked from the package.
• Check your Amazon account directly through the official app or website to confirm whether an order exists.
• Keep an eye on your bank and credit card activity for anything unusual.

If you already scanned the code and entered information, change your passwords immediately and contact your bank to flag potential fraud.

When You’re Not Sure, Let Technology Help

QR codes hide the destination URL, which makes them tricky. You can’t see where they lead before scanning.

That’s where tools like Bitdefender Scamio can help. If you’re unsure about a suspicious message, link, QR code scenario, you can paste the details into Scamio and get an instant assessment powered by AI trained to detect scam patterns.

If you do end up with a link and want to check it before interacting further, Bitdefender Link Checker lets you analyze URLs safely to see whether they’re malicious or impersonating legitimate brands.