Today I want to talk about an email I keep getting from Kohl’s.
I’ve seen this email before, when I could not remember my own kohls.com account password in the store while trying to access my account on my phone.
In the last six months, I’ve probably received this email four times, and I have not actually shopped at Kohl’s online nor in the store since last Fall. I have not tried to access my kohls.com account. I have not forgotten my password.
What is Going On: The Short Answer
- The email itself is not a scam. It is an auto generated email from Kohl’s.
- It means that someone has tried, unsuccessfully, to access my Kohl’s account and guessed the password wrong one too many times. Kohl’s security system automatically locks the account and forces the account owner to change the password.
- Multiple scammers are targeting multiple Kohl’s accounts, regularly, most likely, in order to steal Kohl’s Cash.
- Even if you change your password immediately, you might receive this email again within a matter of days or weeks.
- Solution 1: open a new Kohl’s account under a new username that is more than just your email address and difficult to replicate.
- Solution 2: leave the account locked (as in, do not change your password) until the minute you need to access it. Expect to be locked out again soon, and continue to remain locked out until you place another Kohl’s order.
- Extra precaution 1: stop using and delete your Kohl’s App.
- Extra precaution 2: remove saved credit card information off your Kohl’s account entirely.
//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
(adsbygoogle = window.adsbygoogle || []).push({});
What’s Going On: The Much Longer Answer
I do not work for Kohl’s and I am not in the internet security business. I’m just an average shopper and blogger who had a complaint, Googled it, then wrote about it. It turns out it is a very common complaint. This post has received multiple organic hits a day from Google searches – which means we are not alone. That said, I’m sorry I cannot offer better advice or solutions. Maybe you’ve already seen enough, and that’s totally cool. But read on if you care to discover how I came to the conclusions above.
What A Little Online Search Revealed
As I always do when crowdsourcing a problem, I went straight to Facebook. I was surprised that I didn’t receive as many responses as expected. I was also surprised that the most common answer was something along the lines of, “This email isn’t from Kohl’s. Delete it immediately and don’t click anything.”
I didn’t like that response. The email is real and really is from Kohl’s. Just trust me when I tell you that the problem is not an email phishing or spam issue. After receiving this email, every single time, if I go independently to my kohls.com account, it is indeed locked, my correct password does not work, and I am forced to reset my password through the “Forgot Your Password” link on the Kohl’s website – not a link in the email.
I’m annoyed for a variety of reasons, but I’m just going to be up front about my primary qualm. I’m running out of damn passwords, people. Listen, I know I’m on the cusp, but I consider myself part of Generation X, and we just aren’t known for being idiots when it comes to online identity protection.
This means no, I do not actually use the same password for every single online account I use. Yes, I change my passwords regularly. Yes, my passwords are ridiculously long and difficult to decipher. Also ridiculously difficult to remember and to type via iPhone. And, about three years ago, I actually went in and deleted all my saved credit cards for all the online shopping I do. A potentially unnecessary but added precaution.
So try to imagine how I’m feeling when Kohl’s continues to email me and tell me to change my password.
It turns out, if you are looking to crowdsource literally anything, reddit.com should probably be your go-to. From there I was actually led back to a public Facebook post, but was also cross-referenced with enough similar stories to make me think the answer I’m about to give you is probably legitimate. And it all has to do with Kohl’s Cash.
Some Truths about Kohl’s Cash
About every six to eight weeks, Kohl’s runs a promotion in which everything in the store is on sale and for every $50 you spend, you receive $10 in Kohl’s Cash. This Kohl’s Cash is printed at the register and is basically a coupon code. If you have a Kohl’s account, the code will be saved in your wallet. The start date for using your Kohl’s cash is always one day after the mega sales event is over, and the redemption period is usually pretty short. Like maybe ten days.
Truth Number One: if you return an item on which you earned Kohl’s Cash, you void the Kohl’s Cash if it has not been spent.
Truth Number Two: Kohl’s Cash does not work like a gift card. It is applied before any other discounts, expires, and is foregone at the moment it is handed over.
Truth Number Three: When you spend Kohl’s Cash, you better know you want to keep what you spend it on, because, to clarify the above, if you return an item you spent Kohl’s Cash on, you will receive the price of the item minus the Kohl’s Cash. If the redemption period is over, you lose the value of the Kohl’s Cash entirely.
Truly, this is a marketing ploy to get people to come back and spend more money in Kohl’s after they dropped at least $50 in the store the week before. I know this is all very annoying and confusing to those of you non-Kohl’s shoppers. I apologize. But we hustlers take our coupons and our promos very seriously.
And obviously it works. With four children, I admit I’ve done a fair amount of shopping at Kohl’s. I’ve earned a fair amount of Kohl’s Cash, and I rarely, if ever, have let it expire. (This is basically how I keep my kids in new socks and underwear year after year and feel like I got it all for free.) And, in Kohl’s’ defense, all of this is to prevent people from buying large items simply to get the freebie, then returning the original item but keep the freebie.
The Time My Kohl’s Cash Was Stolen
I actually do the bulk of my Kohl’s shopping on Black Friday, which is the day I find the best deals on Christmas PJ’s and dresses. I nearly always spend between $50 and $100 which means my Black Friday shopping always results in $10-$20 of Kohl’s Cash. Last January, when I went to spend my $20 (on underwear, in the store), I got to the register to find that it had already been spent.
Not by me.
Someone had actually stolen my Kohl’s Cash. In a phone call placed from the Kohl’s parking lot I learned that my account had not been compromised. In this particular instance, I’m guessing a series of randomly generated numbers landed on the exact code of my $20 coupon. A couple more phone calls and several complicated instructions later did result in Kohl’s giving me back the $20, but I had to use it online.
You know I demanded free shipping despite my under $50 order, since I was otherwise already at the store (and not paying shipping for my free underwear) which was another hassle all by itself and almost made me think the free underwear not worth it. But not quite.
But that is not the point. The point is, there is an entire ring of people out there succeeding at stealing Kohl’s Cash. They are likely banking on the fact that many people would forget to spend it and never notice it went missing.
This current email problem I’m having is actually this scheme but taken one step further. Hacker-thieves are breaking into kohl’s.com accounts completely, ordering $50+ worth of anything on the final day of a promotion and stealing the resulting Kohl’s Cash.
Another Scam Summary of Actual Events via Reddit
The more likely scam happening with the locked-accounts goes something a little more like this. During a Kohl’s Cash promo period, a scammer gets online and accurately guesses your Kohl’s username and password, obtaining direct access to your account, where you have likely saved both your address and Kohl’s Credit Card number.
At this point the hacker orders something expensive, let’s say, a $500 BBQ grill. He charges the grill to your Kohl’s card and has it delivered to your house. At this point, you would be alerted through a confirmation email that you have ordered something on Kohl’s. You would further receive an email when the item is shipped. I’m not sure how people are missing these emails, but they are.
But the hacker doesn’t want the $500 grill that will be charged and delivered to you. Instead, the hacker is waiting on the $10 of Kohl’s cash for every $50 spent on the grill. In this order, that’s $100 of Kohl’s cash. (You would receive an email about this too, and again, apparently people are missing it.)
So while you have no idea your account has been compromised (and a new $500 grill is on its way to your house!), the hacker has fraudulently acquired and spent $100 in Kohl’s cash. Meanwhile, a few days or weeks later, this grill arrives and you say, “Wait a minute, I didn’t order this.” You call Kohl’s and claim the fraud. They say, “No problem sir, first let me send you an email to change your password. Then, just to be safe, we will issue you a new Kohl’s card number. Finally, to make this right, simply return the grill and we will credit your account.”
Cool. Pack up the huge grill and drive it down to the busiest part of town, during the busiest season of the year, and carry the heavy burden all the way across the parking lot back into the store. This in itself sounds like a royal pain in the ass.
But it gets worse. Because when you come back to return the grill you learn that the $100 in Kohl’s cash (earned from the grill and already spent) will now come off your total in the return, meaning you only receive $400 back of the $500 you didn’t spend in the first place.
See the scam?
The scenario above is a true story, and the original owner of it basically concluded with the obvious ending where Kohl’s eventually makes it right, but not after a ridiculous amount of work and headache on the part of the victim.
//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
(adsbygoogle = window.adsbygoogle || []).push({});
Do you always eventually get the entire $500 (plus tax) back? Maybe. After some work. I like to think that you do. But what about the other victims of this scam who were not out $100 but only $10? Maybe to those people, the fight is ultimately not worth $10. And because of this, Kohl’s is losing exactly zero skin in this game, and so nothing has been done to remedy the situation.
Certainly I don’t know what the remedy is. But it seems to me there should be a remedy. Forgive me but here is where my investigative journalism ends. At least for now.
In the meantime, here is my solution. (And I’m sorry, but it doesn’t include completely boycotting Kohl’s, because, well, Christmas PJ’s!)
- I’ve deleted all of my personal information off my Kohl’s.com account, even my address. Though I didn’t have a credit card saved there to begin with, I never will.
- I’ve deleted and stopped using my Kohl’s app completely. All coupons and Kohl’s cash are accessible through email.
- I have not and will not change my password until the next time I am shopping at Kohl’s online with the intention of making a purchase, which will be next November on Black Friday.
**UPDATE AUGUST 17: took advantage of a great online deal with triple overlapping coupon codes to stock up on new socks and underwear for all my kids. Within a day of placing that order, I got that same email above to change my password. I am still on with the original plan to just leave my Kohl’s account locked until I need to use it again.**
**UPDATE JANUARY 2019: Allowed my computer to auto-generate a password and I have not received this email since that time. My account seems to be un-compromised and currently un-targetted.**
I feel like this post could generate some thoughts and hope it does. Please put your comments here on my blog rather than on Facebook or Instagram so if anyone stumbles upon this post and has a similar experience, insight can be gleaned all in the same place.
This post may contain affiliate links. Read my full disclosure here.
The UnderToad 
I have NEVER been overly impressed with Kohl’s. Really not on my shopping radar.
I’m getting as many as 3 of these password change emails a week. Yes, my account has actually been blocked. Calling them and complaining is a waste of time as they outsource their customer service overseas and they just follow the script. I like your idea of not changing it until you actually go into the store. Makes sense.
My Kohls account was hacked yesterday. I received an email stating that I had purchased a $200 item and that is was being sent to a person and an address that are neither me nor my address. At the same time I got another email saying my shipping address had been changed. I saw the email and called Kohl’s approximately 45 after receiving the email. They cancelled my credit card, issued me a new card, and told me that the order would not go out. This morning I receive an email saying that my order had been shipped (with a nice exclamation point at the end!). As soon as customer service opens, I am calling them to cancel my credit card and close my account with them. Too much incompetence. I am not paying that charge, so it’s up to them what they do now about it. I am not doing to waste any more time with them.
I received that EXACT email twice this month…once seemed random, so I kind of ignored it after I changed the password. However, this time, I took it seriously because it also cancelled my order from the day before. The nearest physical location of a Kohl’s is two hours away from me and in a state with sales tax (we do not have sales tax here and on a large order, like school clothes for all my kiddos, it’s a large expense). I ordered online nearly $300 of school clothes, then went to get a glass of water. When I returned, literally 5 minutes later to double check my order, my Kohl’s cash was gone. In a hurry, I submitted the order anyway around 10:00pm.
The next day at day, at 6:20pm, I received the emails, including this one:
“We couldn’t complete order #xxxxxxxx (correct order number, and we apologize for the inconvenience. Please contact us to figure out the next steps toll-free at 1-888-890-1755.
You have not been charged for this order. If you used Gift Cards or Kohl’s Cash on this order, the amount will be refunded within the next 2 days. Since you have not been charged, no Kohl’s Cash has been accrued.”
HOWEVER, my bank account HAS BEEN CHARGED.
A call to Kohl’s followed exactly what you stated….change of password. Then, a 40 minute wait while I was transferred to the “fraud department” who had to take ALL of my personal information again, after assuring me that they would re-order everything and that I had NOT been charged, despite what my online bank statement is showing.
I am SO frustrated!! But, it’s making sense now. Thank you for the post. This information is really hard to find!!
It is insane. The only reprieve I found was to just NOT change my password at all until the next time I needed to log in. I just took advantage of the triple overlap on coupon codes and free shipping to get all new socks and underwear for my kids. Placed that order last Friday. I went ahead and took the computer generated password this time, whatever, right? I got an email by Saturday that my account has been locked again. I’m leaving it. At least while my account is locked, no one else is trying to get in. I cannot believe they have not figured out a way to better protect themselves and their customers. (Otherwise wouldn’t this be happening with Amazon and other online accounts?)
Every single week I’m getting this email! I called and asked them to stop them I get it again. I spoke to someone on chat yesterday, oh I’ve reported it. Another email comes today!! I told him I cannot come up with any more damn passwords. They also said it does it if you haven’t been in your account in awhile. Umm, no I was in earlier this week.
This is insane there is no need to lock your customer’s accounts every freaking week!
I’m guessing you didn’t read this entirely TOO long post, but just don’t change your password until you need to get into your account again. I’ve ceased getting the emails because my account is just currently blocked. It is an issue with Kohl’s security, for sure, but it means that someone is trying to access your account constantly.
I received that email and did the same thing you did, just left it. That was 3 weeks ago. I will not change my password until I want to use the account like you did. No one is touching my Kohl’s Cash when I get it!
Keep an eye on your Kohl’s cash. Pretty sure mine was stolen by a random generation of numbers and not through the app or the website. That was an unrelated issue, but you know, more to be annoyed with about Kohl’s. Seems like they could move to a double authentication system or something.
I opened my Kohls account online with my first order August 28. Received the “account is locked, change your password” email on October 5 – just left it locked. Got my new statement yesterday (Nov 1) and had 2 charges (not mine) – one from Sept 29 and one from Oct 22 (when the account was supposedly locked). Called and spoke to an Indian gentleman I could not understand and then wrote a dispute letter. The service rep told me what the purchases were and the hacker actually used coupons (or Kohls cash on them). I did go online, changed my password and deleted my payment information from the website. I will probably close the account when this is resolved – not worth the time or trouble.
Yeah, still happening. It happened to me in August 2018 as well – seems like a trend given the people who already mentioned it above. The thief even GAVE a new shipping address on my account, which seemed insane but also possibly a fake address. I told Kohls, got a new credit card which I didn’t activate until Black Friday when I did some shopping and got Kohls cash, and was annoyed to see that the ‘order’ that the thief made was still shipped to them even though I thankfully was not on the hook for it. You’d think with the information there, they could have actually DONE something about it since it had a name and address.
I go to use my Kohl’s cash yesterday with an order and come back to find this morning that my account is password locked and I need to call about my order. Sigh. I really like Kohls for certain things and brands but this is getting ridiculous. I’m surprised there hasn’t been some kind of media expose yet.
But how do I remove my credit card info from the Kohl’s a count? I just created my account to buy a pair of boots, and I find it had saved my credit card information and will not let me delete it! Needless to say, this is a problem, because I do not trust their website to maintain my credit card security.
How do I actually fully delete my credit card info from my new Kohl’s account?
Go to your account and click “settings.” On the left hand side (from a desktop computer) click “billing and payment info.” Any/all saved cards should appear. Go to your Kohl’s card and click “remove.” Note, it will automatically save this information every single time you pay, so you have to be vigilant to go in and manually remove it each time. An annoying step, but to me, well worth the extra 3 seconds. Cheers.
This has happened to me several time in the past few weeks. Well, more specifically that I earn Kohl’s cash and Yes-2-You rewards and when I go to redeem them, I’m told they’ve already been redeemed. Customer service is polite, but ultimately little help and difficult to understand.My account is now locked and I question if it is even worth re-opening it. I really want to like Kohl’s but this is definitely making me consider just boycotting the store. How much time have we collectively sunk into this annoying issue? I agree–there ought to be an expose done.
I had only my kohls cash taken. They told me to go into the store w the persons id number and I would get the cash on my instore order. The store knew nothing of what I was talking about and they don’t know anything about id customer service to reference. They said my cash had been used in Ohio. I live in tx. They eventually just gave me the 20 off the order. And gave me kohls cash for the next week because I bought more stuff. This time I didnt upload the cash to my acct until I needed it. As soon as I put it on it was gone immediately. After calling and doing same thing over ph the virtual assistant said to place the order and give them my chat ID to pull up our conversations and honor the 20$ but when I did that they said they could not do that. I began to wonder if the kohls app was the scam. Cuz they had no idea what I was talking about. But eventually they said they would send me more kohls which got used within the 60 seconds after they emailed to me. How do I stop it. Can I simply change the pw. I Uninstalled the app.
So you need to go change your password on all your accounts ASAP. It is such a PITA. But alas.
Well I guess I’m the latest victim of the Kohl’s Cash Scam. I spent 2 hours at the Kohl’s Customer Service Desk trying to return a few things (on separate orders) when the clerk tells me that the first order will be short $20.00 because I had used Kohl’s Cash on the order. I didn’t give it a lot of thought because I had recently placed another order and did select one $15.00 Kohl’s Cash in my account. The second order the clerk tells me that it will be short by $30.00 because I had used Kohl’s Cash on the order. I stopped and told him NO I know that I didn’t use the Kohl’s Cash. I told him when I placed my last order on Kohl’s.com there were 3 Kohl’s Cash Rewards I could have chosen 1 was for $20.00, 1 was for $65.00, and 1 was for $15.00. I only used the $15.00 Kohl’s Cash on that order and left the others because I knew they would be voided with returns I planned to make. He called the Manager over. I explained everything to her. She called Kohls.com customer service and asked the Customer Service Rep if she would check my orders and see which ones I had used Kohl’s Cash on. The CSR told the Manager that she cannot see where I used $30.00 in Kohl’s Cash on that order, nor the $20.00 on the first return. She gave the Manager two options: 1) She would place a $30.00 credit on Kohls.com and that when I place my next order I would need to call in and place it and tell them to use the credit on my account OR 2) File a Fraud Claim. I didn’t want either, I just wanted the full amount I paid REFUNDED to my Kohl’s Credit Card Account. The Manager that helped me was as nice as can be and I am happy about that. She kept asking me if I wanted her to replace it with Kohl’s Cash or Store Credit, either way I’d like she would do it. But she can’t credit my Kohl’s Credit Card. She also told me that this is not an UNCOMMON EVENT. WHAT!!! So my question is do I file a FRAUD REPORT or have the Store Manager give me a Store Credit with the Amount They OWE ME? Has anyone filed a FRAUD Report? Did they refund the full amount back to your Kohl’s Credit Card Account??? Thanks.
I would definitely file the fraud report. The more people do that the more aware they will be of the problem. As for getting your money back, I’d take whatever you can get most immediately. I’ve not had this exact situation where my own money was ultimately what was lost to me. I would also be annoyed to not just get my own money back.
Claire, Thank you for your insight. They definitely need to know this is a problem. I will file fraud and ask for instore credit instead of more Kohl’s Cash.
Huh.
I just got that email yesterday although I haven’t used the account since January…and when I went in to check my current status through my phone app and directly through the site rather than my laptop and the supplied link (call me suspicious), I wasn’t locked out after all. There was no indication that anything was amiss. No lockdown, no new orders…nothing.
I changed my password anyway and will see if I receive any more notifications, but this email looks like pure phishing to me.
This is an interesting theory. As of January this year, I have not received a single one of these emails. My current password was selected by computer and has not been messed with for 5 months, which seems to be a record.
I got one yesterday. It’s the first one I’ve received in a few months. I’m not surprised. They are doing a Kohl’s cash promotion right now.
I too received an email like the one above, but it was spoof. I know this because when I called Kohls my account was not locked.
I noticed the return email was not Kohl’s email. Email addressed me by my first name only.
Email said : Account locked: reset your password
From: Kohl’s Date:Mon, Dec 28, 2020 11:45 pm
Notice the word “at” after the @ sign?
Kohls needs to have an email address to forward this spoof mail.
My concern is, how did they know my first name and that I had a Kohl’s account?
I never clicked on anything but wanted to let you know this is a spoof mail with links inside hoping you will click on them and then sign into your Kohl’s account with your user name and password.