As if defect claims weren’t bad enough, there is a form of fraud that’s on the rise for merchants to beware. Security expert/blogger Brian Krebs says it’s a form of warranty fraud that is made possible by account takeovers.
Krebs said Fitbit was the target of that type of fraud, but not through a breach of its own site. “Fitbit is just the latest victim of customer account takeovers powered by breaches at other e-commerce providers,” he wrote.
It goes like this: the fraudster takes over a customer account and changes the email address to one they control. They then contact the merchant and demand that they replace the article in question, naturally providing the retailer with their own address, not the real customer’s.
Fitbit told Krebs the account takeovers are also made possible by customer computers that have been compromised by password-stealing malware and by customers who re-use the same password across many sites.
Online sellers are already familiar with “real buyer” fraud, now they have to worry about “fake buyer” fraud that looks like a legitimate customer request.
You can read the full account on KrebsOnSecurity.com.