A WARNING has been issued over a common Black Friday scam that could see Brits lose £1,000s.
Kushal Tantry, CEO of , urged anyone who gets an unexpected parcel to be wary.
Kushal told The Sun: "If you receive an unexpected package that is addressed to you, it is up to you whether you keep or throw away the item inside.
"If the package contains a QR code, however, do not scan it."
Cybercriminals have been sending unsolicited packages to unsuspecting households with a QR code, which when scanned takes victims to a phishing website, Kushal revealed.
The page then attempts to hack into personal information like banking details.
read more on scams
QR brushing is a development on traditional brushing, where criminals send unwanted packages to a person's home address that they didn't order.
The boxes are labelled with the recipient's name and address, but contain no return address.
It can be done by third-party sellers, who sell products on sites like Amazon.
The fraudster obtains names and addresses from a data breach, social media or public directory and will then use these details to set up an Amazon account.
Most read in Money
They then purchase the product from their own store using stolen details, before shipping it to the victim.
Once the package has been signed for, the scammer then writes a positive verified review to help drive sales of potentially dodgy products.
Kushal added: "You should contact your local authority to report this scam, so they can put out a warning, if necessary, to prevent other recipients from falling victim.
"Make sure to inform the company that allegedly sent the package through their official contact details and don't use any contact information provided on the package itself."
Kushal advised people to change passwords after receiving an unexpected delivery.
"If you received an unsolicited package, the scammer is likely to only know your name and home address, but make sure to monitor your bank accounts in case you spot any strange activity," she added.
"Any suspicious QR codes should be treated with caution, especially if the webpage asks you to enter personal information after scanning it.
"As a general rule, avoid scanning any QR codes sent to you via packages, emails, and text messages unless you can confirm the source as legitimate."
How to protect yourself from scams
BY keeping these tips in mind, you can avoid getting caught up in a scam:
- Firstly, remember that if something seems too good to be true, it normally is.
- Check brands are "verified" on Facebook and Twitter pages - this means the company will have a blue tick on its profile.
- Look for grammatical and spelling errors; fraudsters are notoriously bad at writing proper English. If you receive a message from a “friend” informing you of a freebie, consider whether it’s written in your friend’s normal style.
- If you’re invited to click on a URL, hover over the link to see the address it will take you to – does it look genuine?
- To be on the really safe side, don’t click on unsolicited links in messages, even if they appear to come from a trusted contact.
- Be careful when opening email attachments too. Fraudsters are increasingly attaching files, usually PDFs or spreadsheets, which contain dangerous malware.
- If you receive a suspicious message then report it to the company, block the sender and delete it.
- If you think you've fallen for a scam, report it to Action Fraud on 0300 123 2040 or use its .