‘Brushing’ — A New Kind of Online Scam


This holiday season will see us spending more time online than ever before, whether it be shopping for presents, video calling relatives, or streaming the latest seasonal films. The internet will be bringing friends and family together when the Covid-19 pandemic means many of us have had to spend the year apart.

Unfortunately, not everyone on the internet has the same good intentions. Cybercriminals see this time of year as the perfect opportunity to prey on unsuspecting victims. Phishing, identity theft, and other types of online scams are very common, and being able to identify the warning signs is a significant step in preventing your information from being stolen or ending up on the dark web.

The Dark Web

What is the dark web? Well, the dark web is a section of the internet that can only be accessed using special software, known as the Tor browser. Users on the dark web are largely anonymous and their actions untraceable, which is why the dark web has commonly been used as a base for all types of illegal activity. Hackers commonly sell personal information and financial details obtained during data leaks through dark web forums, which is what gives rise to identity theft. The dark web is also known for the sale of other illegal goods, such as drugs.

It’s not all bad news, however. Plenty of people use the dark web for perfectly legitimate purposes — for example, journalists often use the platform to communicate with individuals living under repressive governments.

Whilst it is reasonably easy for government agencies to track the activities of surface and deep web users, the dark web is a little different. Websites are not indexed by a search engine and there is no IP address that records your activity. The size of the dark web, therefore, remains a mystery.

Scams and the dark web

There are many types of online scams that can result in your information being stolen and ending up on the dark web. Once information is published on this platform, it is close to impossible to have it removed which is why it’s important to learn the warning signs of common scams.


Phishing is a fraudulent attempt to steal personal information by impersonating someone else. For example, you may receive an email from an address claiming to be your bank, alerting you to suspicious activity on your account. The email will contain a link which you are asked to click to confirm your personal details.

Clicking on this link will likely take you to a malicious website set up by the cybercriminals, who hope that you will not look too closely and input all of your personal and financial details.


Web skimming is a tactic used by cybercriminals in order to steal financial details. A skimming attack sees malware installed onto a web payment page. Shoppers enter their card details to pay for products, unaware that their information is also being stolen by cybercriminals.

Skimming is rising in popularity with Ticketmaster, British Airways and Puma websites all recently targeted by this form of attack.


Spyware is a type of malware that tracks the keystrokes of users. This is a particularly devastating kind of attack, as cybercriminals are able to track every piece of information you input online — personal details, contact information, and financial login credentials.

Spyware is usually shared via malicious email attachments. Never click onto a file that looks suspicious or originates from an unknown sender.

Covid-19 and the resurgence of online scammers

With the entire world working, chatting, and shopping online, the Covid-19 pandemic presented as a prime opportunity for cybercriminals to wreak online havoc.

One of the scams that resurfaced during this time is known as ‘brushing’. ‘Brushing’ occurs when people get sent free, unsolicited products in the mail. Many people dismiss this as a harmless prank but it can be an indicator that your information is in the hands of cybercriminals or worse, on the dark web.

If you are a victim of ‘brushing’, it usually indicates that your personal information has been used to create fake online shopping accounts. These accounts are further used to write fake reviews and build hype about particular products or stores. Whilst the cybercriminal may not be using your bank account to make the purchases, they do have your name and address, which is never a good thing.

Protecting yourself online

There is no fool-proof method that will guarantee your protection against scams. The best thing that you can do is remain vigilant. Never click on emails from senders that you don’t recognize and try to keep track of which online websites have access to your personal information.

Consider signing up for a credit card that you solely use for online purchases. This will protect the bulk of your savings, should your card information be stolen or compromised.

Dark web monitoring is another excellent cybersecurity tool that you should consider using. Dark web monitoring cannot remove your information from the dark web, but it can alert you should your personal details be found there. This will allow you to take proactive measures to protect yourself and your identity.

Above all, keep up to date with the latest in online scams. Understanding the methods of cybercriminals will increase the likelihood of you seeing through their tactics and staying safe online.


Please enter your comment!
Please enter your name here