Today I want to talk about an email I keep getting from Kohl’s.
I’ve seen this email before, when I could not remember my own kohls.com account password in the store while trying to access my account on my phone.
In the last six months, I’ve probably received this email four times, and I have not actually shopped at Kohl’s online nor in the store since last Fall. I have not tried to access my kohls.com account. I have not forgotten my password.
What is Going On: The Short Answer
- The email itself is not a scam. It is an auto generated email from Kohl’s.
- It means that someone has tried, unsuccessfully, to access my Kohl’s account and guessed the password wrong one too many times. Kohl’s security system automatically locks the account and forces the account owner to change the password.
- Multiple scammers are targeting multiple Kohl’s accounts, regularly, most likely, in order to steal Kohl’s Cash.
- Even if you change your password immediately, you might receive this email again within a matter of days or weeks.
- Solution 1: open a new Kohl’s account under a new username that is more than just your email address and difficult to replicate.
- Solution 2: leave the account locked (as in, do not change your password) until the minute you need to access it. Expect to be locked out again soon, and continue to remain locked out until you place another Kohl’s order.
- Extra precaution 1: stop using and delete your Kohl’s App.
- Extra precaution 2: remove saved credit card information off your Kohl’s account entirely.
What’s Going On: The Much Longer Answer
I do not work for Kohl’s and I am not in the internet security business. I’m just an average shopper and blogger who had a complaint, Googled it, then wrote about it. It turns out it is a very common complaint. This post has received multiple organic hits a day from Google searches – which means we are not alone. That said, I’m sorry I cannot offer better advice or solutions. Maybe you’ve already seen enough, and that’s totally cool. But read on if you care to discover how I came to the conclusions above.
What A Little Online Search Revealed
As I always do when crowdsourcing a problem, I went straight to Facebook. I was surprised that I didn’t receive as many responses as expected. I was also surprised that the most common answer was something along the lines of, “This email isn’t from Kohl’s. Delete it immediately and don’t click anything.”
I didn’t like that response. The email is real and really is from Kohl’s. Just trust me when I tell you that the problem is not an email phishing or spam issue. After receiving this email, every single time, if I go independently to my kohls.com account, it is indeed locked, my correct password does not work, and I am forced to reset my password through the “Forgot Your Password” link on the Kohl’s website – not a link in the email.
I’m annoyed for a variety of reasons, but I’m just going to be up front about my primary qualm. I’m running out of damn passwords, people. Listen, I know I’m on the cusp, but I consider myself part of Generation X, and we just aren’t known for being idiots when it comes to online identity protection.
This means no, I do not actually use the same password for every single online account I use. Yes, I change my passwords regularly. Yes, my passwords are ridiculously long and difficult to decipher. Also ridiculously difficult to remember and to type via iPhone. And, about three years ago, I actually went in and deleted all my saved credit cards for all the online shopping I do. A potentially unnecessary but added precaution.
So try to imagine how I’m feeling when Kohl’s continues to email me and tell me to change my password.
It turns out, if you are looking to crowdsource literally anything, reddit.com should probably be your go-to. From there I was actually led back to a public Facebook post, but was also cross-referenced with enough similar stories to make me think the answer I’m about to give you is probably legitimate. And it all has to do with Kohl’s Cash.
Some Truths about Kohl’s Cash
About every six to eight weeks, Kohl’s runs a promotion in which everything in the store is on sale and for every $50 you spend, you receive $10 in Kohl’s Cash. This Kohl’s Cash is printed at the register and is basically a coupon code. If you have a Kohl’s account, the code will be saved in your wallet. The start date for using your Kohl’s cash is always one day after the mega sales event is over, and the redemption period is usually pretty short. Like maybe ten days.
Truth Number One: if you return an item on which you earned Kohl’s Cash, you void the Kohl’s Cash if it has not been spent.
Truth Number Two: Kohl’s Cash does not work like a gift card. It is applied before any other discounts, expires, and is foregone at the moment it is handed over.
Truth Number Three: When you spend Kohl’s Cash, you better know you want to keep what you spend it on, because, to clarify the above, if you return an item you spent Kohl’s Cash on, you will receive the price of the item minus the Kohl’s Cash. If the redemption period is over, you lose the value of the Kohl’s Cash entirely.
Truly, this is a marketing ploy to get people to come back and spend more money in Kohl’s after they dropped at least $50 in the store the week before. I know this is all very annoying and confusing to those of you non-Kohl’s shoppers. I apologize. But we hustlers take our coupons and our promos very seriously.
And obviously it works. With four children, I admit I’ve done a fair amount of shopping at Kohl’s. I’ve earned a fair amount of Kohl’s Cash, and I rarely, if ever, have let it expire. (This is basically how I keep my kids in new socks and underwear year after year and feel like I got it all for free.) And, in Kohl’s’ defense, all of this is to prevent people from buying large items simply to get the freebie, then returning the original item but keep the freebie.
The Time My Kohl’s Cash Was Stolen
I actually do the bulk of my Kohl’s shopping on Black Friday, which is the day I find the best deals on Christmas PJ’s and dresses. I nearly always spend between $50 and $100 which means my Black Friday shopping always results in $10-$20 of Kohl’s Cash. Last January, when I went to spend my $20 (on underwear, in the store), I got to the register to find that it had already been spent.
Not by me.
Someone had actually stolen my Kohl’s Cash. In a phone call placed from the Kohl’s parking lot I learned that my account had not been compromised. In this particular instance, I’m guessing a series of randomly generated numbers landed on the exact code of my $20 coupon. A couple more phone calls and several complicated instructions later did result in Kohl’s giving me back the $20, but I had to use it online.
You know I demanded free shipping despite my under $50 order, since I was otherwise already at the store (and not paying shipping for my free underwear) which was another hassle all by itself and almost made me think the free underwear not worth it. But not quite.
But that is not the point. The point is, there is an entire ring of people out there succeeding at stealing Kohl’s Cash. They are likely banking on the fact that many people would forget to spend it and never notice it went missing.
This current email problem I’m having is actually this scheme but taken one step further. Hacker-thieves are breaking into kohl’s.com accounts completely, ordering $50+ worth of anything on the final day of a promotion and stealing the resulting Kohl’s Cash.
Another Scam Summary of Actual Events via Reddit
The more likely scam happening with the locked-accounts goes something a little more like this. During a Kohl’s Cash promo period, a scammer gets online and accurately guesses your Kohl’s username and password, obtaining direct access to your account, where you have likely saved both your address and Kohl’s Credit Card number.
At this point the hacker orders something expensive, let’s say, a $500 BBQ grill. He charges the grill to your Kohl’s card and has it delivered to your house. At this point, you would be alerted through a confirmation email that you have ordered something on Kohl’s. You would further receive an email when the item is shipped. I’m not sure how people are missing these emails, but they are.
But the hacker doesn’t want the $500 grill that will be charged and delivered to you. Instead, the hacker is waiting on the $10 of Kohl’s cash for every $50 spent on the grill. In this order, that’s $100 of Kohl’s cash. (You would receive an email about this too, and again, apparently people are missing it.)
So while you have no idea your account has been compromised (and a new $500 grill is on its way to your house!), the hacker has fraudulently acquired and spent $100 in Kohl’s cash. Meanwhile, a few days or weeks later, this grill arrives and you say, “Wait a minute, I didn’t order this.” You call Kohl’s and claim the fraud. They say, “No problem sir, first let me send you an email to change your password. Then, just to be safe, we will issue you a new Kohl’s card number. Finally, to make this right, simply return the grill and we will credit your account.”
Cool. Pack up the huge grill and drive it down to the busiest part of town, during the busiest season of the year, and carry the heavy burden all the way across the parking lot back into the store. This in itself sounds like a royal pain in the ass.
But it gets worse. Because when you come back to return the grill you learn that the $100 in Kohl’s cash (earned from the grill and already spent) will now come off your total in the return, meaning you only receive $400 back of the $500 you didn’t spend in the first place.
See the scam?
The scenario above is a true story, and the original owner of it basically concluded with the obvious ending where Kohl’s eventually makes it right, but not after a ridiculous amount of work and headache on the part of the victim.
Do you always eventually get the entire $500 (plus tax) back? Maybe. After some work. I like to think that you do. But what about the other victims of this scam who were not out $100 but only $10? Maybe to those people, the fight is ultimately not worth $10. And because of this, Kohl’s is losing exactly zero skin in this game, and so nothing has been done to remedy the situation.
Certainly I don’t know what the remedy is. But it seems to me there should be a remedy. Forgive me but here is where my investigative journalism ends. At least for now.
In the meantime, here is my solution. (And I’m sorry, but it doesn’t include completely boycotting Kohl’s, because, well, Christmas PJ’s!)
- I’ve deleted all of my personal information off my Kohl’s.com account, even my address. Though I didn’t have a credit card saved there to begin with, I never will.
- I’ve deleted and stopped using my Kohl’s app completely. All coupons and Kohl’s cash are accessible through email.
- I have not and will not change my password until the next time I am shopping at Kohl’s online with the intention of making a purchase, which will be next November on Black Friday.
**UPDATE AUGUST 17: took advantage of a great online deal with triple overlapping coupon codes to stock up on new socks and underwear for all my kids. Within a day of placing that order, I got that same email above to change my password. I am still on with the original plan to just leave my Kohl’s account locked until I need to use it again.**
I feel like this post could generate some thoughts and hope it does. Please put your comments here on my blog rather than on Facebook or Instagram so if anyone stumbles upon this post and has a similar experience, insight can be gleaned all in the same place.
This post may contain affiliate links. Read my full disclosure here.