Highlights

• Recent surge in "brushing" scams across Louisiana and Texas involving unsolicited packages from Amazon, Temu, and other retailers with QR codes inside
• QR codes pose a new threat - scanning can lead to phishing websites that steal personal information or download malware onto devices
• Your address has been compromised if you receive these packages, indicating scammers have obtained your personal information from data breaches or online sources
• You can legally keep the items by federal law, but never scan QR codes or provide personal information to unknown sources
• Report immediately to retailers (Amazon, Temu), FTC at ReportFraud.ftc.gov, and monitor financial accounts for suspicious activity

New QR Code Scam Targeting Louisiana and Texas Residents Through Fake Amazon, Temu Packages

Postal authorities warn Gulf South residents about "brushing" scams using unsolicited packages with malicious QR codes designed to steal personal and financial information

LAFAYETTE, La. (KPEL News) — Louisiana and Texas residents have started finding unexpected packages on their doorsteps containing items they never ordered.

According to the U.S. Postal Inspection Service, these unsolicited deliveries represent a growing threat called "brushing" scams, which now include a dangerous new element: QR codes that can compromise your personal and financial information when scanned.

Get our free mobile app

The scam has been documented across the Gulf South region, with reports coming from communities throughout Louisiana and Texas. Unlike traditional package theft, this scheme delivers unwanted merchandise directly to your address, and then uses psychological tricks to get you to scan malicious codes hidden inside.

What Louisiana and Texas Residents Are Receiving

The packages vary in content but follow a consistent pattern. Recipients report receiving small electronics like Bluetooth speakers, jewelry items including rings and bracelets, phone charging accessories, and other lightweight merchandise that costs little to ship internationally.

These deliveries arrive addressed to the correct recipient but lack clear sender information. Sometimes the return address appears to come from Amazon, Temu, or another legitimate retailer, making the packages seem authentic at first glance.

Inside the package, victims find a note claiming someone sent them a gift. The note includes a QR code with instructions to scan it to "find out who sent the gift" or "get return instructions." This QR code represents the actual danger in the scam.

How the QR Code Scam Works

According to the Federal Trade Commission, scanning these QR codes can redirect you to phishing websites designed to steal credit card numbers, usernames, passwords, and other sensitive information. The codes can also trigger malware downloads that give criminals ongoing access to your device.

The scam represents part of a broader trend called "quishing" - QR code phishing that sends users to fake websites mimicking legitimate institutions like banks, government agencies, or major retailers. These fake sites often look remarkably similar to the real thing, making them difficult to identify without careful examination.

While some social media warnings have exaggerated the immediate dangers - claiming that simply scanning a code instantly drains bank accounts - fact-checkers at Snopes note the real risks remain significant. The codes typically require additional user actions to complete their theft, but those actions often feel natural and trustworthy to victims.

Why Scammers Target Louisiana and Texas Addresses

Criminal organizations obtain personal information through data breaches, leaked customer databases, and publicly available online sources. Once they have names and addresses, they create fake orders using legitimate e-commerce platforms to ship inexpensive items to real locations.

The delivery confirmation allows scammers to post verified buyer reviews under the recipient's name, boosting product ratings and sales numbers on platforms like Amazon, Temu, and other marketplaces. Higher ratings typically translate to increased legitimate sales, making the cost of shipping free merchandise profitable over time.

Most of these operations involve international third-party sellers who use this technique to establish credibility on American e-commerce sites. The fake reviews help their products appear more popular and trustworthy to genuine customers browsing online.

If you receive one of these packages, your personal information has already been compromised to some degree. Scammers don't randomly select addresses - they specifically target people whose data they've obtained through previous breaches or online harvesting operations.

What Louisiana and Texas Residents Should Do Immediately

If You Receive an Unexpected Package:

Federal law allows you to keep unsolicited merchandise without payment obligation, but avoid interacting with any QR codes, inserts, or instruction cards included in the package. You can dispose of the items or keep them, but never scan codes or click links associated with the delivery.

Contact the retailer if the package appears to come from a legitimate company. Amazon Customer Service investigates brushing scam reports and takes action against fraudulent sellers, including removing fake reviews and suspending accounts. Temu has stated they "strictly prohibit this practice and will take action against violators."

Ask retailers to remove any fake reviews that may have been posted under your name. These reviews damage the integrity of online marketplaces and mislead other consumers.

If You Already Scanned a QR Code:

Change passwords immediately if you entered any credentials on websites after scanning. Focus on financial accounts, email, and social media platforms first, then update passwords for shopping sites and other services.

Monitor all financial accounts for unauthorized transactions. Check bank statements, credit card activity, and any payment apps you use regularly. Set up account alerts if your financial institutions offer them.

Run comprehensive antivirus scans on any device used to scan the code. Some malware can operate silently in the background, so use updated security software to detect and remove potential threats.

Consider placing fraud alerts on your credit reports through the three major credit bureaus. This adds an extra verification step if someone tries to open new accounts using your information.

Reporting and Prevention for Louisiana and Texas Residents

Where to Report:

File complaints with the Federal Trade Commission regardless of whether you lost money. These reports help authorities track scam patterns and take enforcement action against criminal operations.

Report Amazon packages to Amazon Customer Service through their official website or app. The company maintains dedicated teams to investigate brushing scams and fraudulent seller activity.

Contact Temu customer service for packages appearing to come from their platform. Document the items received and save any packaging or inserts as evidence.

Submit reports to the Better Business Bureau Scam Tracker to help warn other consumers and build enforcement cases.

Protection Measures:

Monitor financial accounts regularly rather than waiting for monthly statements. Many banks and credit unions offer mobile apps with real-time transaction alerts that can catch unauthorized activity quickly.

Review credit reports periodically for accounts you didn't open or inquiries you didn't authorize. You can access free credit reports annually from each major bureau through AnnualCreditReport.com.

Never scan QR codes from unknown sources, even if they appear to come from legitimate companies. When in doubt, contact the company directly through official channels rather than following links or codes from suspicious sources.

Verify sender identity before interacting with any package contents. If someone genuinely sent you a gift, they typically provide advance notice or contact you directly rather than including mysterious instructions.

What This Means for Your Personal Information

Being targeted for a brushing scam indicates criminals already possess some of your personal data. This information might include your name, address, phone number, and potentially other details obtained through data breaches, leaked customer databases, or online reconnaissance.

The fake review scheme represents just one way criminals monetize stolen personal information. The same data could be used for identity theft, additional scam attempts, or sold to other criminal organizations for future schemes.

Monitor personal accounts and watch for other signs of identity compromise. This includes unexpected mail, unfamiliar charges on accounts, new accounts opened without your knowledge, or contact from debt collectors about debts you didn't incur.

Update passwords on important accounts as a precautionary measure, especially if you use the same password across multiple sites. Consider using a password manager to create unique, strong passwords for each account.

The geographic targeting of Louisiana and Texas residents suggests organized criminal operations that specifically focus on Gulf South communities. This regional approach often indicates scammers have obtained data from sources with regional customer bases or have identified these areas as particularly profitable targets.

There are a lot of scams out there you need to keep an eye on. Here's a list of scams the FBI is warning folks about.