Kohl’s Cash – New Target for Hackers in 2016

According to a joint study done by KingRogers International and The Retail Equation, approximately nine percent of all returns in the United States are fraudulent. The National Retail Foundation estimates that the problem will cost U.S. retailers nearly $11 billion this year.

Many gift cards from top retailers are sold online through third-party sites that specialize in reselling used or unwanted cards. Consumers can choose from thousands available for purchase at a fraction of their face value. Some of these are legitimate but many of the deeply discounted gift cards for sale online are in fact available due to merchandise return fraud. Shoppers who unknowingly buy these cards for their great value may be playing a part of unwittingly helping thieves rob the card-issuing stores. The scam used in this type of crime is to obtain the gift cards by stealing merchandise from one retail store and then returning the items to another without a receipt thereby receiving store credit on the retailer’s gift card.

In a report from Internet security expert Brian Krebs, he states that retailer Kohls.com is now experiencing losses due to fraudulent activity as hackers have illegally accessed some Kohl’s customers’ accounts. Once gaining access to the account, the scammers order large, expensive merchandise and ship it to an unsuspecting victim’s home. The thieves don’t obtain the stolen merchandise but the unauthorized purchases build up credits known as “Kohl’s Cash.” It’s a form of rebate that Kohl’s offers customers — currently $10 for every $50 spent at the store which the thieves then quickly redeem for items at Kohl’s locations and resell them for cash or return the items for gift cards.

A Kohl’s spokesperson said the company knew of a limited number of cases where fraudsters have obtained login information from outside sources to make purchases to earn Kohl’s Cash and that Kohl’s is always working to protect the customer shopping experience. The spokesperson also said the company would continue to look at ways to make it more difficult for fraudsters in the future. Kohl’s reminds shoppers to regularly change their passwords and not use the same password for multiple accounts.

Weak passwords or re-using the same password at multiple sites can make you more vulnerable to this type of fraud. Microsoft offers the following additional tips for creating strong passwords:

  • Passwords should be eight or more characters long.
  • Passwords should include a combination of letters, punctuation, symbols and numbers. Use the entire keyboard, not just the letters and characters you use or see most often.
  • Passwords should be changed often — every three months is recommended — to be most effective. This applies to your email, banking and credit card websites, too.

Anyone that uses the Internet needs to understand the importance of strong passwords, but it is especially important for your small business accounts. The threat of data breach is very real for small businesses; an attack can be catastrophic, leaving many unable to recover.