A number of Groupon users have seen £100s siphoned from their banks in recent weeks after fraudsters commandeered their accounts to make unauthorised purchases, MoneySavingExpert can reveal. If you've been hacked, make sure you log your case with Groupon ASAP to claim a refund.
We've seen reports from scores of Groupon customers since the start of December saying they've had purchase confirmation emails from the US-based deals website for items they've not bought - in some cases users have been left up to £700 out of pocket.
To make matters worse, many customers have claimed they've been unable to get through to Groupon's customer services department to log their case, with one telling MSE he was advised that he'd have to wait up to ten days before his case was dealt with.
Groupon says there hasn't been any security breach of its own site or app, but acknowledges it's seen a series of cases where fraudsters have managed to hack into Groupon accounts after accessing log-in and password information via third party websites.
Make sure you protect yourself online by reading our 30+ Ways to Stop Scams guide.
Get Our Free Money Tips Email!
Groupon customers hacked: 'Someone has bought themselves an iPhone 6'
Groupon refused to tell us how many customers had reported being hacked - a spokesperson told us: "What we are seeing is a small number of customers who have had their account taken over by fraudsters."
However, we've seen dozens of social media posts in recent days relating to the problem. Here are just a few tweets from frustrated Groupon customers:
@Groupon_UK my account hacked and a lot of money taken for a purchase I did not make. Your lines closed. Can you please reply to my email?— Sherelle Fairweather (@szm_fairweather) December 17, 2016
@Groupon_UK could someone please contact me asap directly as I have had my account hacked and fraudulent transactions have gone through— Joanne Brittles (@joanne_brittles) December 18, 2016
@Groupon_UK someone has hacked my account changed the details and spent Â£700 out of my account customer services is useless unacceptable— Aliki chrysiliou (@liggyc) December 16, 2016
— Nubian Princess (@nubianangel025) December 19, 2016
@Groupon_UK my groupon account got hacked into at 4am this morning đŸ˜ªđŸ˜©someone has bought themselves an iPhone 6 amongst other products— Rachel Nelken (@rachelnelken) December 16, 2016
We were contacted by one Groupon customer who received around 20 purchase confirmation emails from Groupon on Friday for items valued between £10 and £900.
Mervyn, who says he hasn't used his Groupon account for months, was shocked to discover that his bank details had been used to order items - including a £150 iPad mini - to an address in London.
He told us: "I immediately phoned Groupon - however the office was closed and reopened between 9am and 5pm Monday to Saturday. No more I could do.
"On Saturday morning I called Groupon at 9am only to hear the same message and be hung up on at the end of the message. I tried repeatedly throughout the day but no joy. I simultaneously phoned RBS and cancelled my bank debit card. The bank advisor confirmed he could see the transactions in my pending payments.
"I eventually got through to a Groupon customer advisor, who after many waffling excuses eventually told me that the best I could hope for was that they were reviewing the matter and someone would get back to me within ten days."
Can I claim a refund?
Groupon has confirmed it will refund you if your account has been targeted by fraudsters and money has been spent without your consent. A spokesperson said: "As with any major online retailer, we take fraud extremely seriously and have a dedicated team to investigate customer issues as soon as they are reported.
"If someone believes they’ve been a victim of a fraudulent attack, we investigate it and if confirmed block the account immediately and refund the customer’s money back to them."
We've asked Groupon how long it will take to process refunds - we'll update this story when we know more.
How do I report that my account's been hacked?
If you've been a victim of a fraudulent attack, Groupon is advising you to visit its customer support centre at www.groupon.co.uk/customer_support.
If you discover that you've been hacked you should also report the matter to your bank as soon as possible.
A spokesperson for RBS told us: "Customers who notice transactions on their account that they do not recognise should contact the bank immediately. Assuming they haven’t been negligent in providing access to their banking facilities, we would look to refund the customer to ensure they are returned to the position that they were before the fraud occurred."
How did fraudsters manage to access my account in the first place?
Groupon has said the problems experienced by certain customers have not been caused by a security breach on its website or mobile app. It claims that those affected have been the victims of sophisticated scammers.
A spokesperson said: "Fraudsters have a number of ways in which they can obtain your login details to a website including phishing e-mails, trojan attacks, spyware and malware. By using these methods, it’s possible for fraudsters to get customer account information, log in and make purchases.
"Fraudsters deliberately look for easy ways to guess login details and password combinations. One of the ways they can do this is when user credentials are stolen from a security breach at another e-commerce site and then are used to log in to other websites where the customer’s password is the same.
"In this way, customers who have either a weak password or the same password for multiple websites are more prone to attack. In the run-up to Christmas we ask customers to be especially vigilant."
How can I protect myself against online scams?
- Have different passwords. Use a complex and unique password for every email, e-commerce website and social media outlet you are a member of and change it often. A password manager can help you keep track of all your passwords. See our 60-second guide to password security for more help.
- Be mindful of what you share on Facebook. Avoid posting personal information on social media or other public sites that could be used by fraudsters to decipher log in or password details.
- Keep track of your emails. Make sure you check your email on a regular basis to monitor for any password or email changes as well as unauthorised purchases.
- Don't hold bank info online. Avoid storing bank account details on sites you use to make purchases.
Meanwhile, a handy website for checking if your personal info has been compromised is HaveIBeenPwned? ('pwned' is geek-speak for being made a fool of, it's pronounced 'poned').
See full help in our 30+ Ways to Stop Scams guide.