Scam of the day – May 14, 2015 – Starbucks mobile app hacking scam

Consumer reporter Bob Sullivan has uncovered another scam, this one involving the popular Starbucks mobile app, which is tied to the customer’s credit card and which Starbucks customers used last year to make two billion dollars of Starbucks purchases. The scam begins when the scammer gets the username and password that the Starbucks customer uses for the mobile app. This can be done in many ways, including phishing emails, keystroke logging malware or even data breaches at other companies where the Starbucks customer may use the same username and password. Once the criminal has access to the account, he or she can transfer balances of gift cards to other credit cards controlled by the scammer, use the hacked account to issue and send gift cards to themselves, or exploit the app’s auto reload feature, by which the app automatically adds funds from the credit card tied to it. By quickly spending the funds in the mobile app and triggering the auto reload feature, the criminal can get more money to steal in a short time.


This is just another example of why it is important to have a unique username and password for each of your accounts, so that you are not in total jeopardy if this information is stolen by way of a data breach at one of the companies where you have an account. As I have mentioned in the past, a strong password contains capital letters, small letters and symbols. A password made up of a phrase such as “IDon’tLikePasswords!!!” is not only strong, but can be personally adapted for each account by merely adding a few letters, such as “Ama” for your Amazon account, to distinguish it from other accounts, so your Amazon password would be “IDon’tLikePasswords!!!Ama.” This is a strong and secure password and one that you can remember.

If you use the Starbucks mobile app, you should disable the auto reload feature.  You don’t need it and it makes you vulnerable to the type of hacking presently going on.