Ordering a new phone? Watch out for this convincing scam that hits immediately after
Source: ZDNet
ZDNET’s key takeaways
- A phone call telling you to return a new phone may be a scam.
- The scammer simply keeps your phone instead of replacing it.
- Hang up on such calls and contact the carrier directly.
The next time you receive a new mobile phone through the mail, be wary if someone calls claiming that you were sent the wrong device and that you need to return it. That could be a scammer looking to get their hands on your expensive new gadget.
This scam hit close to home for one of ZDNET’s editors. Hours after getting a new phone from Spectrum through the mail, she received a call that appeared legitimate. The caller claimed to be from Spectrum, knew her name, address, and the type of phone she had ordered, and said a mix‑up had occurred. When the editor tried to call back later, the “representative” insisted he would call her back—prompting her to realize it was a scam.
After contacting Spectrum, the editor learned this is a common swindle. The scammer tells the victim to ship the phone, promising to send a correct one in return, but keeps the device to sell it or use it for identity fraud.
In the following days, the editor received dozens of spam calls, roughly every 15 minutes, likely related to the attempted scam. The scammer not only knew her personal details but also the exact phone model. When she asked the Spectrum agent how the scammer could have obtained that information, the agent avoided answering.
A similar incident was reported in a Reddit post. An Xfinity customer received a new phone via FedEx, then an hour later got a call from someone claiming to be an Xfinity agent. The caller said the phone was wrong and needed to be returned, directing the customer to a FedEx location and a QR code for a shipping label. When the customer asked for the account number, the caller could not provide it. A call to the real Xfinity confirmed the delivery was fine and that it was a scam.
What’s the story behind this kind of crime?
“This is a classic social engineering scam that’s been adapted for mobile device purchases,” said Kern Smith, senior VP of Global Solutions Engineering at mobile security provider Zimperium. “Attackers impersonate a carrier, claim there’s an issue with a newly delivered phone, and try to convince the customer to return it using a QR code or alternate shipping instructions. It’s designed to exploit trust and urgency at the exact moment someone receives a new device.”
Smith noted that while the tactic isn’t new, the timing and level of detail have evolved. Attackers contact victims almost immediately after they receive a device, citing the specific model or carrier to make the scam more believable.
“That kind of information can come from data breaches, compromised email accounts, exposed shipping data, or even malware that monitors notifications,” Smith explained. “Attackers don’t necessarily need full access to a carrier’s systems. Sometimes leaked order confirmations or tracking information are enough to build a convincing story.”
How to protect yourself
“Consumers should never act on an unsolicited call about a delivery issue,” Smith cautioned. “If someone claims there’s a problem, hang up and contact the carrier directly using the official number or app. Be especially cautious of QR codes sent by text or email, as they can redirect to fraudulent sites.”
Related reads
- Beware the ‘Hi, how are you?’ text. It’s a scam – here’s how it works
- How to turn ChatGPT into a scam detector using the new Malwarebytes integration – for free
- This IRS text message scam keeps fooling people – 3 ways security experts avoid it
- The iPhone’s new call screening feature makes updating to iOS 26 totally worth it for me