Millions of online shoppers are being urged to review their accounts following a sharp increase in criminals hijacking retailer profiles to purchase high-value goods. Specialists warn that fraudsters are increasingly targeting customers of well-known brands such as Argos by exploiting stolen login credentials obtained from previous data breaches, with one expert cautioning that "password reuse is one of the biggest risks for shoppers."
Surge in Complaints
The warning follows revelations from Report Fraud of a dramatic surge in complaints linked to Argos, as offenders exploit compromised accounts to buy expensive items and collect them in person from stores. In May alone, Report Fraud received 652 reports mentioning Argos – a 323% increase on the 154 reports recorded in April. Since the start of 2026 there have been 1,175 reports mentioning the retailer, with May seeing the highest monthly total so far.
How the Scam Works
The scam shines a light on a growing threat confronting online shoppers, many of whom rely on identical passwords across several websites. Criminals are able to acquire login details leaked during previous cyber attacks and subsequently test them on popular retail platforms, banking on customers having recycled the same credentials. Once they have gained access to an account, fraudsters can place orders - frequently exploiting click-and-collect services - and retrieve goods from stores before the victim is even aware their account has been breached.
Retailer Response
Report Fraud confirmed that Argos is actively cooperating with authorities and customers to flag suspicious activity and bolster security measures. Detective Chief Inspector Steven Kettle, Head of Crime Services at Report Fraud, said: "Report Fraud urges anyone with online retail accounts to remain vigilant and be alert to any unusual or suspicious activity. It is essential to take appropriate steps to protect your accounts by following Report Fraud's guidance. If you believe you have been a victim of fraud, please report it to Report Fraud via reportfraud.police.uk or by calling 0300 123 2040."
Expert Insights
Retail experts said the scam is particularly concerning because criminals are exploiting genuine customer accounts rather than relying on fake websites or phishing messages. Marty Bauer, ecommerce expert at Omnisend, told Newspage: "These scams exploit familiar and trusted shopping experiences that retailers spend years trying to build. The customer is not necessarily being tricked by a fake website or a suspicious text message. In many cases, criminals are using real login details to access genuine accounts, place real orders and collect the goods before the shopper realises anything has happened."
He added: "Password reuse is one of the biggest risks for shoppers. If the same password is used across email, shopping accounts, streaming services and loyalty schemes, one password exposed during a data leak can quickly put several accounts at risk. Scammers often focus on well-known brands because they have large customer bases, familiar checkout processes and accounts that may not be checked regularly."
Credential Stuffing
Cybersecurity experts say the attacks are often an example of so-called "credential stuffing", where criminals use usernames and passwords stolen elsewhere and try them across multiple websites. Marijus Briedis, Chief Technology Officer at NordVPN, said: "These scams can be particularly effective because they often look like everyday shopping activities until it is too late. Criminals are not always trying to hack a company directly, as it is quite a task to bypass a national retailer's security. In many cases, they are simply using passwords that have already been leaked elsewhere on the dark web and trying them across different sites, hoping people have reused the same login details."
He warned that once inside an account, fraudsters may place orders, use saved personal details, change account information and test whether the same password unlocks other online services. Mr Briedis said shoppers should use a unique password for every retail account, switch on two-factor authentication and avoid clicking links in unexpected emails or text messages.
Protection Advice
Samuel Mather-Holgate, Managing Director at Mather and Murray Financial, said: "The simplest protection is also the most effective - use a unique password for every online account and enable two-factor authentication wherever it's available. Password reuse is the fuel that keeps these attacks running. It's extremely common for fraudsters to use trusted household brands as bait. Consumers are naturally less suspicious of communications or account activity linked to well-known retailers. Criminals understand that trust is valuable, which is why they frequently hide behind familiar names rather than obscure websites."
Colette Mason, AI Ethics Consultant at Clever Clogs AI, described the fraud as "credential stuffing" and urged consumers to check whether their email address has appeared in previous data breaches. She said: "Criminals buy leaked logins in bulk, try them on major retailers, and when yours works because you've reused the password, they order big-ticket items on click and collect and walk out with them. The fix is free and takes one evening."
Ms Mason advised consumers to use a password manager, create unique passwords for every account and enable two-factor authentication wherever possible. She added: "Retailers need to answer for their end too. A dormant account ordering high-value goods from a new device should trigger a check before anything leaves the shelf. Data resilience is a pain. A cleaned-out bank account is worse."
