Breaking
SpaceX And xAI Power A $1.77 Trillion Bet On AI Infrastructure GTA 6 Preorder Watch: Official Xbox Accounts Just Sent A Major Signal Anthropic Declares That The Next Big Step For Humans And AI Is AI That Builds Itself Via Recursive Self-Improvement Three Ways The SpaceX IPO Is Really About AI Can FIFA World Cup Compete With The Heat? — 4 Looming Challenges Could Americans Build Wealth Through AI? Why Trump May Be Considering Equity-Sharing Scheme AI Coding Startup Lovable In Talks To Raise Funding At A $12 Billion Valuation I Want iOS 27 To Give Us These Features That'd Be Perfect for a Foldable iPhone ​The Last AI Imperfection Just Vanished: Fraud Will Never Be The Same 8 Things To Know Before SpaceX Goes Public SoftBank’s Masayoshi Son Becomes Asia’s Richest Person Amid AI Boom New Study Shows How mRNA Vaccines Could Transform Cancer Treatment
Dark mode
Light mode
ClareNow
Search
ClareNow
Toggle sidebar
Cybersecurity ↓ Negative

The Delivery You Didn't Order: Breaking Down the 'Free Phone' Scam

If a phone you didn't order arrives on your doorstep, there's a good chance someone's trying to scam you. Here's how to recognize this scam and make sure you don't get tricked.

CNET 3 min read 6/10
The Delivery You Didn't Order: Breaking Down the 'Free Phone' Scam
Key Takeaways
  • FTC received over 400,000 unsolicited package complaints in 2023, up 78% from 2021, with average losses of $1,200 per incident.
  • Scammers often use data from major breaches (e.g., AT&T, T-Mobile) to target victims with personalized deliveries of mid-Android phones.
  • Activating an unsolicited phone can enable SIM-swapping, giving criminals access to bank accounts and two-factor authentication codes.
  • Elderly adults are disproportionately targeted; the Better Business Bureau reports similar scams involving tablets and smartwatches.
  • The FTC recommends returning to sender, freezing credit, and reporting via ReportFraud.ftc.gov as the primary defense steps.
A phone you didn't order arrives on your doorstep. That's not a free gift — it's the first move in a fast-growing identity theft scam that preys on curiosity and trust. Here's what you need to know to protect yourself and your finances.

The 'free phone' scam, also known as the unsolicited package scam, has surged in recent years as fraudsters exploit online ordering systems and stolen personal information. Victims receive a smartphone — often a mid-range Android model — they never purchased. The scam works like this: criminals use a real person's name, address, and sometimes Social Security number to open a cellphone account or order an expensive device using stolen credit card details. The phone arrives at the victim's home, the scammer intercepts it (or the victim unknowingly activates it), and the fraudster gains access to the victim's accounts, credit lines, and personal data. The Federal Trade Commission (FTC) reported a 78% increase in unsolicited package complaints between 2021 and 2023, totaling over 400,000 reports last year. Losses per incident averaged $1,200, with older adults disproportionately targeted.

The scheme exploits a common human reaction: curiosity. Many people open the package, plug in the phone, or attempt to contact a 'customer service' number printed on a fake invoice — all of which can lead to malware installation, phishing, or confirmation of the victim's identity as a valid target. Scammers often use information from recent data breaches (such as those affecting AT&T or T-Mobile) to personalize the delivery. In some variants, the phone arrives with a prepaid return label that leads to a scammer's address, or the packaging mimics a trusted carrier like Apple or Samsung. Security researchers at CNET have documented at least five distinct attack patterns tied to these deliveries, including 'brushing' (creating fake reviews) and 'phishing prep' (setting up a fake carrier login page).

Experts warn that the threat extends beyond the phone itself. Activating the device can give scammers access to your mobile number, enabling SIM-swapping attacks that drain bank accounts and hijack two-factor authentication codes. 'This is a low-cost, high-reward operation for criminals,' says cybersecurity analyst Lisa Forte. 'They spend $50 on a burner phone and potentially steal thousands.' The Better Business Bureau has flagged similar schemes involving tablets, smartwatches, and even smart home speakers.

To combat the trend, the FTC advises consumers to never open unsolicited packages unless they have explicitly ordered an item. If a phone arrives, take a photo of the package, write 'RETURN TO SENDER' on the label, and drop it at a carrier facility. Then file a report with the FTC at ReportFraud.ftc.gov and freeze your credit with all three major bureaus. The agency has also urged wireless carriers to improve order verification — for example, requiring a one-time passcode sent to an existing account before shipping a device. As holiday shopping surges, the free phone scam is expected to spike. Consumers should stay alert: if you didn't order it, don't touch it.

How to Spot and Handle the Free Phone Scam

A step-by-step guide to recognizing unsolicited phone deliveries and protecting yourself from identity theft.

  1. 1

    Identify an unsolicited package

    If a smartphone arrives that you did not order and no one in your household ordered, it is likely a scam. Do not open the box if possible.

  2. 2

    Refuse delivery or return to sender

    Write 'RETURN TO SENDER' on the package or hand it back to the delivery driver. Do not call any phone numbers printed on the shipping label.

  3. 3

    Freeze your credit

    Contact each of the three major credit bureaus—Equifax, Experian, TransUnion—to freeze your credit. This prevents scammers from opening new accounts in your name.

  4. 4

    Report the incident

    File a report with the Federal Trade Commission at ReportFraud.ftc.gov. Also report to your local police and notify your cellphone carrier of the fraud.

  5. 5

    Monitor your accounts

    Check your bank and credit card statements for unauthorized charges. Enable two-factor authentication on all important accounts and consider using an identity theft protection service.

Frequently Asked Questions

The free phone scam is an identity theft scheme where fraudsters use stolen personal information to order a smartphone in your name. The phone arrives at your home, and the scammer hopes you will open, activate, or interact with it, giving them access to your accounts and data.

Scammers obtain your name, address, and often Social Security number from data breaches. They order a phone using a stolen credit card or by opening a new cell account in your name. The device is shipped to you; then they either intercept it or trick you into activating it, enabling fraud.

Do not open the package or activate the device. Write 'RETURN TO SENDER' on the label and give it back to the carrier. Then freeze your credit with Equifax, Experian, and TransUnion, and report the incident to the FTC at ReportFraud.ftc.gov.

Never accept or open unsolicited packages. Keep your personal information secure, use strong passwords, enable two-factor authentication on your accounts, and monitor your credit reports regularly. Be cautious of any delivery that you did not initiate.

If you activate the phone or engage with associated phishing materials, scammers can steal your mobile number via SIM swapping, access your financial accounts, and commit identity theft. The average loss is over $1,200, and recovery can take months.

Elderly adults are disproportionately targeted, but anyone whose data has been exposed in a breach—such as recent telecom hacks—can be a target. Scammers often use publicly available information from breaches to personalize the attack.

Topics

identity theft free phone scam unsolicited package scam phone scams consumer protection fraud alerts mobile security data breach fallout

Original source

www.cnet.com

Read original

Discussion

Join the discussion

Sign in to post a comment or reply.

No comments yet. Be the first to share your thoughts!

Sign in
Enter your email to receive a one-time sign-in code. No password needed.
Email address