Scam Alert: Online Shopping Account Fraud Just Jumped 323% — Check Yours Now

7 June 2026 4 min read

Woman looking concerned at laptop screen, worried expression, sitting at kitchen table

This one's worth dropping everything for. On 4 June, the UK's Report Fraud service (the City of London Police team that took over from Action Fraud) put out an urgent warning. Reports mentioning Argos shot up 323% in a single month, from 154 in April to 652 in May. That's not a typo. Criminals have found an easy way into people's shopping accounts, and it's spreading.

It's not just Argos either. The same trick works on any online retail account, and Currys has been flagged in the press coverage too. If you shop online, this is about you.

Online shopping scam

The account takeover, and why your password is the target

Here's how it works. When a website gets hacked and its passwords leak, those email-and-password combinations end up for sale. Criminals take those lists and try them, by the thousand, on completely different sites. If you used the same password on, say, an old forum that got breached and on your Argos account, they're now in. This is called credential stuffing, and according to the Report Fraud alert it's exactly what's behind this spike.

Once they're in your account, they place click-and-collect orders for expensive stuff and walk into a store to pick it up. In some cases they pay with card details stolen from somebody else entirely, so the first you know about it might be an order confirmation for something you never bought.

Watch for emails confirming orders you didn't place, click-and-collect codes you didn't ask for, or your saved address suddenly changing. Argos is contacting affected customers directly, so a genuine warning from them is possible right now. Just don't click links in it. Log in to your account by typing the address yourself.

The root of all this is password reuse. Most people have one or two favourite passwords they use everywhere, and I completely understand why. Remembering forty different ones is impossible. But that's the exact weakness these criminals rely on. One old breach somewhere you've forgotten about, and every account sharing that password is exposed.

So this isn't really an Argos problem. It's a "the same password is on six of your accounts" problem. Argos just happens to be the one getting hit hardest this month.

The rule worth burning into your memory: if a retailer emails you about "suspicious activity" or "verifying your account" and there's a link to click, treat it as a scam until proven otherwise. Don't use the link. Open a fresh browser tab, type the shop's address in yourself, and log in that way. Real alerts will still be there when you do.

If your account's been used without you knowing

Check your order history. Log in (typing the address yourself) and look for orders, collection codes, or address changes you don't recognise.
Contact the retailer. Use the help number on their official website, not anything from an email. Tell them the account's been accessed and freeze any pending orders.
Call your bank if card details were saved. The number on the back of your card. If the account had your card stored, or you've spotted charges that aren't yours, do this straight away.
Change the password, and change it everywhere you reused it. Start with that account, then any other site sharing the same password. Make each new one different.
Turn on two-step verification. Most retailers offer it now. It means a stolen password alone isn't enough to get in.

How to Report It

Fraud or account takeover → Report Fraud on 0300 123 2040 or actionfraud.police.uk
Scam text → forward to 7726 (spells SPAM, free on all UK networks)
Scam email → forward to report@phishing.gov.uk

DCI Steven Kettle from Report Fraud put it plainly: anyone with online retail accounts should stay alert to unusual activity and take steps to protect themselves. Reporting takes a couple of minutes and genuinely helps, the more reports that come in, the faster these patterns get spotted and shut down.

One last thing on prevention, straight from the official advice. Use a unique password for every account (three random words stuck together is a solid trick), switch on two-step verification wherever it's offered, and stop saving your card details with shops. If a credential-stealer ever did end up on your machine, a saved card is one more thing it can grab. If you're worried something dodgy got onto your PC, or a "support" call ended with someone remoting in, I do virus and malware removal in St Helens and can check nothing nasty was left behind.

Mark

Mark has been fixing computers since the late '90s and went self-employed in 2008. Based in St Helens since 2013, he works evenings and weekends from his home in Laffak — friendly, affordable repairs for PCs, laptops, and Macs. See reviews on Google

Think you've been scammed? Or had someone on your PC?

If you've let someone remote in, installed dodgy software, or just want your PC checked over — get in touch and I'll have a proper look.

★★★★★

"Absolutely fantastic service from Local Computer Guy, I was unable to help my grandparents with their computer issues after an unfortunate issue with a scammer and potential virus being installed on their machine. After a quick call I knew they were in good hands. Arrived on time and quickly wiped the machine and made it safe, also helped investigate what had happened and helped my grandparents get using their computer again."
— Joe Gempton, via Google

WhatsApp Me Call 07428 101010