Customer loses $700 over THE ICONIC’s shocking security flaw
By Seia Ibanez
In the digital age, online shopping has become a staple for many Australians, offering convenience, variety, and great deals.
However, the ease of clicking and buying comes with risks, as highlighted by one unfortunate incident involving THE ICONIC, Australia's largest online retailer.
A customer lost $700 due to what they described as a ‘critical lapse in account safety measures’ at the online shopping platform.
They shared their plight on social media, saying, ‘Recently, my wife’s account was fraudulently accessed. Without any notification, warning, or confirmation, the email address associated with her account was changed.’
‘No steps were taken to verify this change, leaving her account completely compromised.’
‘The intruder went on to purchase a $700 watch using the credit card linked to the account,’ they added.
The customer also criticised THE ICONIC for having ‘literally zero measures to guard, verify or even notify you of account changes.’
The alleged lack of basic security features is not only alarming but also goes against the expectations of customers who trust these platforms with their personal and financial information.
In response to these claims, news website news.com.au conducted its own investigation and confirmed that while THE ICONIC does send an email to confirm password resets, it does not notify the customer when the email address associated with the account is changed or removed.
Because the address had been altered, the order confirmation and receipt for the $700 watch went to the new address rather than to the account owner, who saw nothing until the charge appeared.
Many services email or text the customer to confirm that they authorised a sign-in from a new device or a change to critical details such as the password or email address, and send the notice about an email change to the old address as well as the new one so the owner can undo a change they did not make.
Online services also commonly offer multi-factor authentication (MFA), which requires a second proof of identity (such as a code from an app or SMS) in addition to the password before granting access to an account.
MFA is a critical layer of defence against unauthorised access, because a stolen or guessed password alone is no longer enough to log in, and its reported absence at THE ICONIC is a significant gap in its account security.
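To make the gap concrete, here is an added example in Python (not THE ICONIC’s code, which is not public) showing the weak email-change handler the article describes beside a hardened one. The hardened flow refuses the change unless the session has recently re-authenticated, keeps the old address active until the new one confirms, sends the old address a notice with a single-use undo link, and routes receipts only to the confirmed address. The mailer (an outbox list), the token store (a dict), the clock (a float passed in) and the addresses are constructed stand-ins.

```python
"""Email-change handling: the pattern the article describes beside a hardened flow.
Added example, not THE ICONIC's code; mailer, token store and clock are stand-ins."""
from __future__ import annotations
import secrets
from dataclasses import dataclass, field

REAUTH_WINDOW = 300          # seconds a password/MFA check stays fresh for sensitive changes
CONFIRM_TTL = 3600           # lifetime of the confirmation link sent to the new address
REVERT_TTL = 7 * 24 * 3600   # how long the old address can undo the change

@dataclass
class Account:
    email: str                                  # confirmed, active address; receipts go here
    pending_email: str | None = None            # requested new address, not yet confirmed
    last_reauth: float = 0.0                    # time of last password/MFA check (0 = never)
    sessions_revoked: bool = False              # set on revert so every client must log in again
    outbox: list = field(default_factory=list)  # (recipient, body) pairs; mailer stand-in

def change_email_weak(acct: Account, new_email: str) -> None:
    """What the article describes: overwrite at once, with no re-auth, confirmation or notice."""
    acct.email = new_email

def _issue(tokens: dict, kind: str, acct: Account, old_email: str, exp: float) -> str:
    tok = secrets.token_urlsafe(32)
    tokens[tok] = {"kind": kind, "acct": acct, "old_email": old_email, "exp": exp}
    return tok

def _redeem(tokens: dict, tok: str, kind: str, acct: Account, now: float) -> dict:
    rec = tokens.pop(tok, None)  # single use: a replayed link does nothing
    if rec is None or rec["kind"] != kind or rec["acct"] is not acct or rec["exp"] < now:
        raise PermissionError(f"invalid or expired {kind} token")
    return rec

def change_email(acct: Account, new_email: str, now: float, tokens: dict) -> tuple[str, str]:
    """Hardened: fresh re-auth required, new address must confirm, old address is told and can undo."""
    if now - acct.last_reauth > REAUTH_WINDOW:
        raise PermissionError("re-authenticate (password or second factor) before changing email")
    acct.pending_email = new_email
    confirm = _issue(tokens, "confirm", acct, acct.email, now + CONFIRM_TTL)
    revert = _issue(tokens, "revert", acct, acct.email, now + REVERT_TTL)
    acct.outbox.append((new_email, f"Confirm this address for your account: {confirm}"))
    acct.outbox.append((acct.email, f"Request to change your email to {new_email}. Not you? Undo: {revert}"))
    return confirm, revert

def confirm_email(acct: Account, tok: str, now: float, tokens: dict) -> None:
    _redeem(tokens, tok, "confirm", acct, now)
    if acct.pending_email is None:
        raise PermissionError("no change pending")
    old, acct.email, acct.pending_email = acct.email, acct.pending_email, None
    acct.outbox.append((old, f"Your email is now {acct.email}. Not you? Use the undo link sent earlier."))

def revert_email(acct: Account, tok: str, now: float, tokens: dict) -> None:
    rec = _redeem(tokens, tok, "revert", acct, now)
    acct.email, acct.pending_email = rec["old_email"], None
    for t in [t for t, r in tokens.items() if r["acct"] is acct and r["kind"] == "confirm"]:
        del tokens[t]                # a still-pending confirmation can no longer complete
    acct.sessions_revoked = True     # log out every session, including the intruder's
    acct.last_reauth = 0.0

def receipt_recipient(acct: Account) -> str:
    """Order receipts go to the confirmed address only, never to a pending one."""
    return acct.email

def demo() -> dict:
    """Run both flows against a constructed account whose session an intruder has hijacked."""
    tokens, now = {}, 1_700_000_000.0
    weak = Account(email="owner@example.com")
    change_email_weak(weak, "intruder@example.net")                    # silent takeover
    hard = Account(email="owner@example.com", last_reauth=now - 3600)  # stale re-auth
    refused = False
    try:
        change_email(hard, "intruder@example.net", now, tokens)
    except PermissionError:
        refused = True
    hard.last_reauth = now                                    # intruder also knows the password
    confirm, revert = change_email(hard, "intruder@example.net", now, tokens)
    receipt_pending = receipt_recipient(hard)                 # still the owner while pending
    revert_email(hard, revert, now + 600, tokens)             # owner clicks undo from old inbox
    try:
        confirm_email(hard, confirm, now + 700, tokens)
        confirm_ok = True
    except PermissionError:
        confirm_ok = False
    return {"weak_receipt_to": receipt_recipient(weak), "refused_without_reauth": refused,
            "receipt_while_pending": receipt_pending, "email_after_revert": hard.email,
            "stale_confirm_accepted": confirm_ok, "sessions_revoked": hard.sessions_revoked,
            "old_inbox_warned": any(r == "owner@example.com" for r, _ in hard.outbox)}

if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that the undo token sent to the old address outlives the confirmation link, so the owner can reverse the change even after it completes, and a revert invalidates every session rather than only the current one, so an intruder who still holds a stolen session cannot simply repeat the change. Receipts follow the confirmed address, which is exactly what would have put the $700 order in the owner’s inbox in the incident above.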
The social media post resonated with many users, prompting discussions about the necessity of robust security measures like MFA.
‘The absence of these fundamental security features not only goes against customer expectations but also undermines the trust and reliability of a service that many use daily,’ the customer wrote.
‘Implementing these should be a basic standard, not an afterthought. It is inexcusable to not have these basic account security features in place.’
The customer also tried to get THE ICONIC’s attention, but they haven’t received a response yet.
‘Contacting them is laughably convoluted and slow,’ they said.
Several commenters on the post also called out the brand.
‘Multi-Factor [Authentication] is a must. I wouldn’t be trusting my credit card details with a site that didn’t support it,’ one person wrote.
‘Yeah, absolutely—unfortunately, THE ICONIC has zero account safeguards. We’ve taken steps to remove all CC (credit card) details from similar vendors and just rely on PayPal or ApplePay to prove an extra layer before a purchase can be made,’ another said.
A third added: ‘That sucks, I didn’t realise there was no security. They should add a minimum question [about] new device sign-ins and definitely notify of account changes.’
The post also prompted many to reconsider their accounts with THE ICONIC, with some deleting their payment information saved with the brand.
THE ICONIC’s spokesperson has acknowledged an increase in fraudulent activity and has urged customers to be vigilant with their account security.
‘We have recently seen an increase in fraudulent account login attempts on THE ICONIC, which our security and fraud teams continue to actively manage in conjunction with our security partners,’ the spokesperson said.
‘We are working with all customers to address these incidents, which are not a result of a data breach at THE ICONIC.’
‘The security of our customer data is of the utmost importance to us, and we continue to work with our third-party security partners to protect against all fraudulent activity.’
Scams today are sophisticated, and it is easy to fall prey to them.
Case in point: A woman lost her entire savings to a text scam that appeared to be from her bank, HSBC. You can read the details about this scam here.
If you suspect that your account has been compromised, contact the retailer and your card issuer straight away to dispute the charge and block the card, change the password on that account and on any other account that shares it, and report the fraud to your local law enforcement agency.
You can also report it to Scamwatch here. You may also contact 000 in case of emergencies.
Have you ever encountered a similar situation? Share your experiences and tips in the comments below.
Key Takeaways
- Online retailer THE ICONIC has faced criticism after a customer account was compromised, resulting in a loss of $700 due to inadequate security measures.
- It has been reported that critical account changes, such as changing the associated email address, do not require customer confirmation, allowing a hacker to purchase items without the account owner's knowledge.
- Customers and online users voiced concerns over the lack of multi-factor authentication and other basic security safeguards, leading some to remove payment details from their accounts with THE ICONIC.
- THE ICONIC acknowledged an increase in fraudulent account activities and emphasised their commitment to customer data security, stating they are actively managing the situation with their security and fraud teams and third-party partners.