Online retailer the Iconic has promised to refund customers who were charged large sums for fraudulent orders after having their accounts compromised.
The refund pledge follows a backlash from consumers, who have been posting their frustration on the retailer’s Facebook page.
The customers appear to have fallen victim to “credential stuffing”, a type of hack whereby previously exposed email and password combinations are used to access accounts on other websites.
A spokesperson for the Iconic said the retailer had recorded an increase in fraudulent account log-in attempts.
“We are working with all customers to address these incidents, which are not a result of a data breach at the Iconic,” the spokesperson said.
“Our teams are also proactively intercepting unauthorised access attempts and cancelling any fraudulent orders made, in addition to providing customers with full refunds for any successful orders made that have been dispatched.”
Some customers have complained on the retailer’s Facebook page that more than $1,000 had been taken from their accounts. The breach would typically involve orders being placed without the account holder’s knowledge, with the items then delivered to a nondescript postal address.
Some affected consumers had not ordered from the Iconic for years.
“We encourage all Iconic customers to be vigilant when it comes to proactively managing their account security by regularly changing their passwords,” the spokesperson said.
Australians are engaged in an almost constant battle with scammers to protect their personal information, with ransomware and phishing attempts now commonplace.
There has also been a string of major data breaches, including the Optus and Medibank cyber-attacks.
Scammers have taken advantage of an increase in online purchases by sending out fraudulent delivery text messages designed to catch out unsuspecting online shoppers.
Richard Thame, chief executive of parcel delivery service CouriersPlease, said on Tuesday that overseas markets were getting rid of parcel tracking links sent via text messages because of the increase in fraudulent activity.
“Clickable links on mobile devices will die off over the year, and people will go back to receiving advice via emails to get links that are easily verified, then it will move to apps,” he said.
The consumer watchdog’s most recent report into scams found that reported losses increased to at least $3.1bn in 2022, representing an 80% increase from a year earlier.
The Australian Competition and Consumer Commission found that some victims suffered significant relationship and health consequences as a result of scams, simply because they responded to a “fraud alert call they thought was their bank” or “clicked on a link in a text message they thought was from a government agency”.