It looks like scammers are targeting users of the very popular Starbucks mobile payments app.
Per reports, criminals are tapping into the coffee chain’s digital loyalty accounts to access consumers’ linked debit or credit cards.
Why should I care?
There’s a good chance you’ve got a Starbucks mobile app on your phone. (The coffee chain said back in March it has more than 14 million active users and processes approximately 8 million mobile payment transactions per week.)
Plus, falling victim to the scam could lead to several headaches. For instance, while your bank may ultimately refund any unauthorized debit card charges, it may not do so right away and you could bounce checks or incur overdraft fees in the interim.
How does the scam work?
Starbucks’ app lets you automatically reload gift cards from a linked debit or credit card. Journalist Bob Sullivan, who first reported on the scam after speaking with some victims, wrote that thieves are using this feature to pull money from these accounts.
Once they’ve loaded the pilfered funds onto a gift card and put in a bit more legwork involving redirected emails, they can resell the products for cash on the black market.
How thieves are hacking into the accounts remains a bit of a mystery. Starbucks has denied a breach of its system or loss of customer data. It’s possible the infiltration is related to weak consumer passwords.
Per Starbuck’s official statement online: “Occasionally, Starbucks receives reports from customers of unauthorized activity on their online account. This is primarily caused when criminals obtain reused names and passwords from other sites and attempt to apply that information to Starbucks. To protect their security, customers are encouraged to use different user names and passwords for different sites, especially those that keep financial information.”
What should I do?
First and foremost, if you’re using the Starbucks app, disable its auto-load option. (In fact, you may want to unlink any payment method associated with the account, since theoretically a thief with access could just turn the auto-load feature back on.)
Second, upgrade your password on the account as well as any others that share credentials. Strong passwords contain, among other things, at least eight characters, one number, one symbol, a lowercase and an uppercase letter and, even, intentionally misspelled words.
Finally, carefully monitor bank statements for any suspicious charges. Should they appear, call your financial institution immediately to dispute the transactions and have your card or cards replaced.
You can check out Bankrate’s roundup of habits that increase your odds of card fraud for more smart security practices!
Was your Starbucks mobile account targeted by scammers? Let us know in the comments below!
Follow me on Twitter: @JeanineSko