The US Army Criminal Investigation Division shared service members across the military are receiving unsolicited smartwatches in the mail.

The smartwatches come automatically connected to WiFi and began connecting to cell phones unprompted, allowing access to user data.

There is a possibility these watches contain malware, which could allow access to saved data such as banking information, contacts, and passwords.

Malware that can access voice and cameras was also found, which enabled access to conversations and accounts connected to the smartwatches.

This is described as brushing, which is the practice of sending products, often counterfeit and unsolicited. It’s described as an attempt to get positive reviews from recipients for the companies, hoping to help with compete with other companies.

The Criminal Investigations Division urges recipients to not turn the device on, and to report the devices to Counterintelligence or their Unit Security Manager.