Scam artists have been using hacked accounts from retailer Kohls.com to order high-priced, bulky merchandise that is then shipped to the victim’s home. While the crooks don’t get the stolen merchandise, the unauthorized purchases rack up valuable credit called “Kohl’s cash” that the thieves quickly redeem at Kohl’s locations for items that can be resold for cash or returned for gift cards.
KrebsOnSecurity reader Suzanne Perry, a self-professed “shopaholic” from Gilbert, Penn., said she recently received an email from Kohls.com stating that the email address on her account had been changed. Recognizing this as a common indicator of a compromised account, Perry said she immediately went to Kohls.com – which confirmed her fears that her password had been changed.
On a whim, Perry said she attempted to log in with the “updated” email address (the one the thief used) along with her existing password. Happily, the thieves had been too lazy to change it.
Click here for full article.