Fraudulent Order on Kogan.com

Hello Guys,

Just wondering if anyone has any advice on this issue.

Around 11am today I noticed on my email that an order had been made last night at Kogan.com. This was around midnight - in fact there were 2 emails. The first was sent to my email under my correct name, saying a new address had been added. Following that was an email about an order made worth 2.2k (imac and airpods). Clearly account was hacked and I (stupidly) had a saved card. Not only had address been changed, they had then changed name on the account - given it is from a new IP address and he changed password on the account, I would have hoped Kogan would want authorisation on the order but evidently not.

First issue - realised Kogan have no phone number. I had to reset password on account myself but unable to cancel order. I send emails straight away to Kogan requesting callbacks and explaining issue.

In meantime I called American Express, lodged a paypal dispute and also called police station. I assumed the money I could get back but the address he had entered was a parcel locker (2 I think) not too far from my actual address. They said would run the name, lodge internal report and took my details but unsure they will/can do too much.

This afternoon Kogan sent the email saying had been dispatched - sent them further messages but without a phone number it is ridiculous. Called AusPost and gave them tracking number and explained it all but since it is not in my name they basically can't do anything. They were saying I could be a frauster trying to get it re-sent to me even though I explicityly said I want it returned to Kogan, nothing more.

So that is where I am at - waiting for Kogan to get in touch with me. Even used facebook messenger in case was any more fruitful but they just redirected it as an email to customer care anyway so zero help.

I am thinking best to call Police again now I know package is underway - is there anything I am missing? Very frustrating.

Cheers

Related Stores

Kogan
Kogan
Marketplace

Comments

      • +3

        Sad that scumbags get a freebie, But I have no sympathy for Kogan here, they have intentionally made it difficult/nigh on impossible to contact them and they don't respond in a timely manner. Perhaps if this happened a little more often they would actually provide some actual customer service. Your lesson is to avoid dodgy sites like Kogan regardless of how small the transaction (and yeah always check that your card details are not being saved). I accidentally ticked one that linked it to paypal last week, I then immediately went to paypal to delete that authority as even if I trusted the store there is always the chance that someone will gain access to the account.

      • +1

        Sounds like a kogan problem to me

  • +2

    Ask the post office lady or man, if you could forward the details of the locker person to your local police station once package has been picked up, name address and ect.

    Then take it to the fair trading building, and speak to them about kogan by writing a letter, and issue in regards to the service they poorly offered by not helping you, to force Logans hand on a refund, while the police assess the thief.

  • +1

    1300 304 292 is the number for Kogan.

    • +5

      Doesn't work though - just directs you to online unless its a kogan mobile issue. Horrible the way they do things there.

  • +2

    If I recall correctly, Kogan sends out an email if someone has logged in on an unknown new device. Did you get this?

    • no nothing like that - literally had 2 emails. First was to my real name saying that a new address was added - if it is not you then login blah blah but was gone midnight, I was in bed. Then second was the order invoice by which time he had added a new name as well as that prior address. They processed it no issues

  • -2

    Lesson: use two factor authentication!!!

    • I don't think Kogan has that as an option

      • +5

        Wow really? I guess never save credit card details with kogan then.

        • +3

          yeah I just removed my cards!

  • I had this happen a few years ago, a fradulent transaction with Dell, I couldn't contact them and they sent the package out.

    You shouldn't worry about it, you've done everything right, you'll be able to get a chargeback from your credit card provider, might take a month or so

  • Glad you sorted it out.
    What are the chances of being hacked by someone near you?..Unlucky it seems.

    • too coincidental surely - I am assuming they picked one near my real address to make it less blatant? So possibly a travel for them to get to the parcel locker when delivered.

      • +9

        Or possibly means they had access to information about you already, anything missing from mailbox lately? perhaps something you have signed up to lately in your area (store purchases etc). You should also check your email address isn't on https://haveibeenpwned.com/ and if so you need to ensure you have changed anything linked to that account.

  • +2

    If the police and also Kogan are uninterested in doing anything, wouldn't this just give an idea to fraudsters to get free stuff?

    1. Create Kogan account, buy low value items, and save payment details.
    2. Ask a mate to buy expensive items using the "hacked" account, or do it yourself using a different IP address.
    3. Report to Kogan and PayPal/bank that account was hacked, initiate chargeback.
    4. Profit. Back to step 1.
    • +8

      I would say so - kogan eventually emailed me back late last night, no phone call. They just said;

      Thanks for notifying us and I'm sorry to hear of this.
      This transaction was approved by PayPal.
      Please contact them as soon as possible to secure your account and provide you with a refund if this was an unauthorised purchase.
      Since this is a serious matter of account theft, it is important that PayPal is notified and processes your refund.
      Once again, I'm very sorry to hear that this has happened. Please let me know if I can assist you with anything else.

      Doesn't seem like they care one iota for fact the products are getting stolen since they know products have been posted.

  • +1

    Kogan has a weird system and concept about sell and refund, they deduct and confisicate the cost of shipping cost from the refund should you return the item that was purchased under a Kogan first membership, which they clearly indicate the shipping is free at time of purchase.

    Since then I had stopped buying from Kogan for that reason although I still have credit remain with them.

  • +4

    For update - it is out for delivery. I am still getting updates as its associated to my auspost - assume its because my email/number were unchanged on the order. I guess he is also getting updates though as he selected the address/parcel locker.

    Called auspost again to see if they could/would do anything but again just told as it is in his name they cannot do anything even though she admitted its blatant fraud and ridiculous that they couldn't.

    Even had the auspost text asking to select 2 - someone at home and 3 - no-one is home. No other options. Surely it won't be just left at the locker with no signature or anything, will find out anyway.

    Kogan emailed late evening telling me to contact paypal. Zero mention of stopping delivery etc. Replied and nothing in the 11 hours since so they literally just don't care.

    • +1

      select 3

    • Surely it won't be just left at the locker with no signature or anything, will find out anyway.

      By entering the PIN to collect the item, that's basically the signature.

  • +61

    Final update;

    Had notification parcel was delivered - went to post office though not the locker. Called the police to tell them that and they just asked me to phone the post office and for the post office to contact them so they could nab if and when collect.

    Phoned post office and can you believe it, I phoned 5 minutes after Kogan! They asked them not to release but hadn't filled out proper request so that was still pending but she checked my details and details on parcel and assured me it will not be getting released if anyone comes in and will go back to Kogan.

    As people stated little reason to do Kogan a favour but rather it is returned to them than the fraudster got hold of it.

    • +15

      Dust off your hands mate, well done. Hope ya get your refund quick..

    • +6

      Awesome work!

      In the end it wasn't about saving Kogan money, it's about making sure the fraudster doesn't get the goods and hopefully gets caught.

    • +8

      Can I just say, thanks for the updates. It's actually so reassuring knowing these things are resolved :D good on you OP for sticking it out!

    • +2

      It would be interesting to see if the police do nab them, but either way Aust Post should be able to provide details of the owner of the Parcel Locker.
      Are parcel lockers going to become the bitcoin of the delivery world? (presumably not because there must be a certain amount of personal identification required for a parcel locker)

    • Well done mate.

  • +15

    kogan managed to dispatch and auspost to deliver within 1 business day? doesnt sound like kogan and auspost at all!!

    • +3

      Since Kogan and the OP are both based in Melbourne, it's very possible

      • +5

        Ha yeah, both in Melbourne but admittedly very fast! Almost too quick in this instance.

  • -3

    Contact a technology journalist — one of the writers for your local city's newspaper. They will have the PR contact for Kogan and will be able to get in touch with them directly and get this sorted out on your behalf.

    Alternatively, call Kogan on 1300 304 292. I found this by doing a Google search for "Contact Kogan by phone" and one of the answers from Google was "What is Kogan's phone number".

    • That number is useless as referenced before - just directs you to use website. No option to speak to a person, tried it multiple times.

  • +11

    I just logged into my Kogan account & my name has been changed to someone with initials L.C. (I won't list the full name here for now).
    Unusual name so I googled them & their facebook page says they live in Geelong so it could be the same person.
    Luckily no bogus orders but two items in the cart:
    Apple 13.3" MacBook Air 2019 MVFN2
    Apple iPhone 11 (128GB, Black)

    I've changed password, removed cards (normally I don't save cards but must have done at some point), removed their parcel locker (in a different state!).

    I bit too conincidental - perhaps Kogan's been hacked?

    I recommend others log into their Kogan account to check!

    • +3

      Just logged into my Kogan account; all good on my end but I did remove my saved credit card

      • +3

        Looks like the Kogan hacking is a big issue:
        https://www.productreview.com.au/listings/kogan?q=hacked

        • +3

          As I said in earlier post do some basic googling on Kogan you may be shocked. I would never buy from them.

          • @Patchy01: I have purchased quite a few bargains from them & never had any issues to date (mind you, this makes me skeptical about their security!).

            • @Gaz1: I'm not suggesting everyone will get burned, but I am saying the risk is considerably higher with dodgy cowboy etailers like them.

    • +5

      It is the same guy mate with those initials - look the name up on facebook and tell me if he lives in Geelong?

      Edited - you already said that haha. Yeah same guy, crook.

      My order was for Airpods Pro and Apple Macbook (I mistakenly said IMac earlier on I think) - 2.2k or so worth.

      • +2

        Same name but my parcel locker was in postcode 2076 - maybe they don't need ID for pickup & have people all over the place to distribute the risk.

    • +1

      I missed the Kogan change of address emails (as I have Kogan emails auto-sorted into a different folder), but this happened on Sunday just after midnight.
      Another Kogan email said it was accessed from a new device in USA.
      I also had 2 emails on 21/5 saying access from from China & India, so Kogan is in big trouble if they don't sort this out.

      • Sounds like it was a bigger hit than just me - exact same in terms of timing here. Had the mail that address had been added, then the order followed that.

        Parcel locker was in Forest Hill 3131 for reference.

        I never had the email about being access from a new location for some reason.

        • +5

          Hey mate, if you haven't already done so I would report this crime here:

          https://www.cyber.gov.au/report

          It will take forever to be followed up but if the culprit is dumb enough to have left a trail he could be nabbed.

          • @bxpressiv: Good idea. I would have thought the parcel locker ownership should lead to the culprit quite easily.

            • +1

              @Gaz1: I got scammed on Gumtree due to my own stupidity and I knew I'd never get my money back. I figured the least I could do was report it in the hope it might protect someone else. I actually got a follow up call from the local Police fraud unit months later after it had been referred to them from the ACSC. If the culprit is dumb they might actually follow it up as the ACSC and the units they refer it to will be more interested than your front line coppers.

          • +1

            @bxpressiv: Cheers mate - yeah filled out a report on there. Noticed they said may take some time to hear anything but will see if anything does eventuate from that.

            • @ArtMaster: Cool, from memory ACSC will view your report, assess it's not a federal crime and then refer it to an equivalent local Police cyber unit for follow up, emailing you when they do so.

  • +1

    You’ve done all you can, if the stuff is stolen Kogan should be the one who cops the loss.

    Their service is pretty bad!

  • +1

    Does Kogan have Multi-factor Authentication?
    With websites that store financial data it would be best to turn on Multi-factor Authentication.
    Good news you got refunded, as an extra you should enable MFA for your Paypal/kogan accounts.
    :D

    • +1

      It sounds like they are in breach of the PCI-DSS compliance requirements and basically not legally taking care of payment data. Security not up to scratch. scary.. I noticed that it misused my paypal details, went through and charged paypal without prompting for which card or confirmation, seems like this is only the tip of the iceburg with Kogan issues after reading this thread.

  • +3

    Wow. Sorry mate. I have no idea what to suggest but thanks for posting this as a warning to us. I just logged into Kogan and they’d managed to save ,y credit cards on my account. I had no f-ing idea they were saved as i never usually save cards. Both deleted now.

  • +1

    Just logged in and removed my saved cards. Cheers OP.

  • +4

    Just deleted my saved CC in Amazon.

    Thank you for the kind reminder.

  • +1

    Thanks for the updates, and persistence.

  • +2

    Happened to me a couple of weeks ago. Cancelled order before it got shipped and unlinked paypal account. Was for 3 Airpods.

  • Thanks for sharing OP. I have similar experience with PayPal/Ebay where basically my name and address got changed by hacker and a few items were ordered. Silly me didn't have 2-factor set up and it was an easy job for hackers to change details and order products without me noticing it. Lesson learnt from that was to set up everything with 2 factor and I guess in your case, don't ever store credit card details on third party websites.

    I don't think they'll take any responsibility if your account got hacked and your card details are stolen from their website?

    Good to know everything was sorted and great persistence!

  • +1

    Damn.. Checked my Kogan account.. noticed i was charged $99 for 1 year sub Kogan First! The email notification to cancel before renewal from Kogan is under the spam/promotion folder. May want to check yours!

  • So it appears a few accounts were hacked in a similar way, similar items & similar use of parcel lockers.
    I understand how the hackers might have been able to brute force passwords (presumably due to Kogan not taking action for these attempts), but how could they get all of the account email addresses? Maybe the Kogan database was accessed?

    • +1

      Inside job.

    • Still going on, happened to me just yesterday, wish I had seen this thread…

  • +1

    I've logged into my Kogan account and can see that my CC details is saved but for the life of me, I cannot find how to delete it even after cancelling my Kogan First membership so that there isn't any pending charges coming through.

    Anyone here able to shed some light? They dont' make it easy to remove your payment details from their site that's for sure.

    • +1

      I went into saved credit cards & there was a delete option for each card:
      https://www.kogan.com/account/dashboard/account/credit-cards...

    • Ok, i've finally managed to remove my credit card details. I had ended my Kogan first paid monthly membership but as it was still active (had 15 days to go, it didn't allow me to remove my CC details - so weird). As soon as my membership expired, then it allowed me to delete the card. Not a great programming logic going on there but hopefully this will save others some grief if they experienced the same problem.

  • +2

    This could be triangulation fraud. So the recipient may not be the fraudster. Check this https://youtu.be/2IT2oAzTcvU

  • +1

    Yep same happen to me last night, credit card smsed asking to verify transaction, which I said it wasn't, then submitted a PayPal claim and emailed Kogan, PayPal refunded and Kogan cancelled the order. Nunawading Parveen locker though not in Geelong.

    • Mine was addressed to a parcel locker in NSW in my name.

      • +2

        Which implies you don't need ID matching the name on the package to collect your item from a Parcel Locker.

        • No, just the mobile phone number and six digit access code, or QR code

          • @kerfuffle: According to Auspost if the parcel locker is registered in a different name to what is on the package (as it was in my case) it shouldn't, according to their rules, be put in the locker.. But clearly that has been happening or why else would they bother running the scam like this..

      • Because it was in my name andthe parcel locker was registered in a different name Auspost said he SHOULDN'T be able to pick it up.. But they put a block on it anyway, as was my name and I had tracking number they stopped the parcel from being put into the parcel locker…

  • You cannot open a aust post account for locker without digital ID, such as drivers license, so likely its a real name

    • +1

      unless he stole a drivers license

  • +2

    Thanks for this thread - I've learned a lot more about Kogan and will be actively avoiding.

  • I have just tried to delete my account but can't find anywhere to do it

  • I've logged into Kogan and changed my password. Not linked to any cards or Paypal anyway.
    They don't have two-factor right? Can't see any options for it.

  • -1

    Do a chargeback with your bank, and see if you can take any sort of action against those despicable price-gougers at Kogan.

  • -1

    It sucks that people can take advantage, but it's the system's responsibility to follow up. And you shouldn't be upset. It's the insurance company who is going to pay that $2,000 because everybody else shuts down your efforts along the way. People run the risk pulling this scam together. This guy has done you a solid by helping you bleed an insurance company with a reasonable alibi. I call it a win.

  • Thanks for the PSA, I've changed my password and removed my credit card. You can also remove External Account links (PayPal, Google, Facebook).

  • were the addressee's initials R.K.?

  • Wow. I would really expect to hear something from Kogan here. Either an acknowledgement of a breach or a flat denial. Something very hinky is happening here.

    • I'm sure Ruslan knows what's going on. There's no incentive for him to care.

  • +4

    It's called Password Spraying, your username/password gets hacked when a big website gets breached and you use the same password on every other account.

    Pretty common, I doubt it's Kogan being hacked at all..

    Check your email at https://haveibeenpwned.com - Make sure you use a password manager if you can't remember 1000 passwords

  • Just read your article, went and checked and noticed my credit card details are stored. Tried to remove them, but there is no option to remove them. The option of removing my credit card details requires me to cancel my kogan membership does not have an option.

    • kogan money credit card?

      • no it's my normal credit card. The caption they have is please remove your kogan subscription, but i can't remove the subscription.

    • I went into saved credit cards & there was a delete option for each card:
      https://www.kogan.com/account/dashboard/account/credit-cards
      Maybe it won't let you delete if you have a Kogan subscription?

      • yeh that's the problem i have, but i have clicked unsubscribe. Unsure on how to remove my card now. Little or no options to contact kogan to remove my card from their website.

  • Exact same thing just happened to me, macbook pro and they tried airpods after that, to a parcel locker.. Though Auspost believed me and launched an investigation and will hold the mail, so that is one laptop they won't get.. They did it at 1am so I didn't see the address added until I got up and Kogan had already marked "dispatched" even though it wasn't for about 8 hours according to AustraliaPost, but that stopped me from cancelling the order (good work kogan)..

    Kogan and paypal couldn't care less, police report to bank who will claw back off paypal.

    Paypal said "automatic payment (linked) your problem" and closed the dispute…

    There are so many here and on product reviews it looks like Kogan has been hacked and they are not informing all customers, by law they have to.. So who do we take that to?

    • https://www.ozbargain.com.au/node/541728?page=1#comment-8799...

      They're the ones interested in cyber crime and if they see something systemic with multiple people reporting they may do more about it.

    • Success, the parcel has been returned to Kogan.. Now whether Kogan play games regarding giving me the refund, is a whole different matter… At the moment Paypal are telling me to get Kogan to refund me and Kogan are telling me my best hope is to get Paypal to refund me…

  • Happened to me last night too. Luckily I was up and canned it straight away.

  • ref kogan.com , if you have first you can remove credit card details. anyway around it? it would even accept a prepaid coles mc?

  • Happened to me last night - got 3 emails saying my account has been accessed. Lucky me I don't have any CC details saved. Also found the similar thread here: https://forums.whirlpool.net.au/archive/3jw0q7n9 . Reading through the comments it feels like Kogan doesn't seem to care, shame!

    • he's too busy gouging customers … a bit of fraud is small potatoes

  • +12

    Update too all of this which feels a lifetime ago now;

    Had a call from local police station this afternoon to confirm some details and let me know they linked the fraud to a list of others by the same culprit/s. He has been arrested, charged and admitted to it though claimed it was a victimless crime. No idea what will happen to him but I didn't anticipate ever hearing anything about it again so a pleasant suprise that someone went on with it and put the pieces together! Sure there are plenty others operating the same scam and the constable was well aware of how lax the security at Kogan is but something at least.

  • Do your selves a big Favour stick with Amazon.

Login or Join to leave a comment