Online retailer The Iconic has promised to refund customers after an explosion in fraud transactions has left countless shoppers scammed out of thousands of dollars.

Swathes of shoppers have taken to social media platforms and The Iconic’s Facebook page to voice their concern and frustration over a string of fraudulent orders being made through customer accounts.

The bulk of these complaints detail unexpected transactions to The Iconic – typically in the hundreds and sometimes exceeding $1,000 – suddenly appearing on customers’ credit card statements.

On discussions platform Reddit, user sroberts84 said they noticed a $304.95 transaction appear over the weekend before describing the response from the retailer as “pretty hopeless”.

“So I noticed a $304.95 transaction on my credit card from The Iconic yesterday, which was not me,” wrote sroberts84.

“Have contacted The Iconic via a chatbot as the only way available and am awaiting a response.

“Productreview.com.au tells me this isn't an isolated incident over the past week, and so far, their response has been pretty hopeless.”

Before long, countless users began reporting similar incidents of their own, often expressing similar frustrations at the retailer’s lacklustre support.

“Same thing happened to me last week for like $1,000 and I had $200 credit. I haven't heard anything back yet,” wrote user LongWalkToForever.

“I’ve just woken up to the same thing, two transactions totalling nearly $500,” wrote cookiemomster85.

While there are far too many customer reports to detail here, the sheer volume of complaints on social media suggests the issue is widespread and growing.

In a statement provided to Information Age, a spokesperson for the retailer conceded it had “recently seen an increase in fraudulent account login attempts on The Iconic”, but emphasised the incidents are not a result of a data breach of its own.

According to recent financial results from parent company Global Fashion Group, The Iconic boasts more than 2.1 million active customers.

Although a small number of customers first began reporting account compromises and fraud transactions as early as late November, it wasn’t until this week that shoppers and media outlets began suspecting a wider issue was at play.

After the number of complaints skyrocketed in January, a spokesperson from The Iconic said its teams are working to provide full refunds to impacted customers.

“Our teams are also proactively intercepting unauthorised access attempts and cancelling any fraudulent orders made, in addition to providing customers with full refunds for any successful orders made that have been dispatched,” they said.

Suspected credential stuffing hacks

Many of these first-hand accounts point to a potential “credential stuffing” hack – a cyber attack in which login details already compromised on one platform are used to gain access to accounts on other platforms where the same details have been reused.

This was backed first-hand by a spokesperson for The Iconic, who reportedly told the ABC those affected had indeed been subject to credential stuffing.

Information Age spoke with a Victoria-based customer of The Iconic, ‘Steve’, whose experience of a fraudulent transaction through the retailer lined up with the typical symptoms of card fraud or a potential credential stuffing hack.

“We had our details cloned on the 29th of December originally and had approximately $4,000 taken out of our account with places like the Apple Store,” said Steve.

“On the 2nd of January the scammers tried to take another payment which was The Iconic.”

When asked what support he had received from the retailer, Steve said The Iconic had simply advised him to change his passwords.

Steve said he is still trying to confirm where and how his details were initially exposed, and that his bank has not been able to recover all of his lost funds.

“It appears I’ll not get it all back,” said Steve.

“I’m down at this stage $4,000, not great.”

A spokesperson for The Iconic – which last year confirmed it had cut its workforce size by 6 per cent – said its security and fraud teams continue to “actively manage” the incidents in conjunction with its security partners.

“The security of our customer data is of the utmost importance to us and we continue to work with our third-party security partners to protect against all fraudulent activity,” they said.

“We encourage all Iconic customers to be vigilant when it comes to proactively managing their account security by regularly changing their passwords.”