Scam Alert: If You Received An Unsolicited Smartwatch In The Mail, Don't Turn It On
PSA: A common tactic for cybercriminals is to plant storage drives, phones, or other Internet-connected devices loaded with hidden malware to hack victims and steal their information. Although smartwatches are not currently known to have serious security vulnerabilities, they have the same vulnerabilities and require the same precautions as other IoT products.
Recently, US military service members have reported receiving smartwatches in the mail that they did not order. It is not clear who sent the devices and why, but foul play is suspected and the army's Criminal Investigation Department (CID) is advising recipients not to flash their watches.
The CID reported that smartwatches automatically connect to Wi-Fi networks and smartphones regardless of the user's request to activate them, indicating that they may be attempts to infiltrate military networks. . If no one has confirmed that the devices contain malware or collect and send data, this remains a distinct possibility.
We know that Android phones and other Internet-connected devices have malware pre-installed by third-party vendors. While smartwatches have not been linked to major security incidents, they are particularly amenable to malicious espionage.
As wearable devices, they record and store large amounts of location and biometric data. They also have microphones, and wireless connections to phones can put these devices at risk. The biggest concern is that someone could use unsolicited gifts to steal military secrets.
Another, better explanation is that the senders are trying to get product reviews online in a fraudulent practice called scrubbing. This allows sellers to purchase their products and then ship them to random addresses and write positive reviews for the recipient on retail sites like Amazon to increase ratings and visibility. Even if you don't have an actual customer, the fact that someone bought and shipped the item gives reviews more validity in the retail system.
The United States Postal Inspection Service recommends reporting suspicious unsolicited packages from online retailers to the retailer, looking for fraudulent notices in their name on the retailer's website and verifying that their personal information has not been compromised. CID advises service members who find mysterious smartwatches on their front door to report them to local counterintelligence or security officials.
