Argos account hacked: the takeover fraud behind orders you did not make
An order confirmation from Argos for something you never bought, a changed delivery address, or spent points you did not spend, usually means someone logged into your account, most often with a password you reused from another site. Here is exactly how the takeover works and what to do about it in 2026.
Got an Argos order confirmation you didn't make?
It is a strong sign your Argos account was taken over, almost always because a password you used elsewhere was reused on Argos and leaked in another company's data breach. A criminal logged in with that email-and-password pair and placed an order, often for a high-value item to collect in store. Change your Argos password now to a unique one and turn on two-factor authentication, contact Argos through help.argos.co.uk, and report it to Action Fraud on 0300 123 2040. Then change that same password anywhere else you used it.
Why this is spreading now
On June 4, 2026, the City of London Police, through its Report Fraud service, issued an urgent warning that fraud reports mentioning Argos jumped 323 percent, from 154 reports in April to 652 in May, with 1,175 recorded so far in 2026. The alert was covered by consumer group Which?. This is not one phishing email doing the rounds. It is credential stuffing at scale: criminals feeding lists of leaked email-and-password pairs into Argos logins and cashing out the accounts that still work. Argos is a real UK retailer, part of Sainsbury's, and the brand is not at fault here. The reused passwords are.
What an account takeover looks like
Account takeover is quieter than a phishing email, because nothing lands in your inbox asking you to click. The first sign is usually the aftermath. You get a real order confirmation, from the real Argos, for something you did not buy.
The tell-tale signs, in the order people tend to notice them:
- An order confirmation for an item you never ordered, often a high-value one like a games console, phone, or laptop, set for click-and-collect at a store.
- A delivery or collection address you do not recognise, because the criminal changed it to a store or address they can reach.
- Argos loyalty points, vouchers, or gift-card balance spent without you touching them.
- A password-changed or email-changed notice you did not request, which can mean they are locking you out.
- A charge you cannot explain, or no charge at all. Sometimes the criminal adds their own unrelated card to the account so the purchase does not hit your saved card, and you do not see a payment leave your bank until you go looking.
The click-and-collect part is what makes this attractive to criminals. They never need a delivery to their door. They order to a store, walk in, and collect the goods, then the account goes cold.
How the criminals get in
There is no clever hack of Argos here, and no malware on your device is needed. The method is called credential stuffing, and it works because of one habit: reusing the same password across different sites.
It goes like this. Some other company, nothing to do with Argos, suffers a data breach and their user list leaks. That list contains email addresses and passwords. Criminals buy or download these lists, then use automated tools to try each email-and-password pair against lots of popular services, Argos among them. If you used the same password on Argos that you used on the site that got breached, the pair still works, and they are straight in.
Once inside, they behave like you: they place an order, usually changing the collection point, and sometimes add their own card so your saved payment method is not touched and you get no immediate alert. You find out from the order confirmation, the changed address, or the spent points, not from anything you did wrong on the day.
This is worth being clear about, because it changes the fix. A takeover from a reused password is a separate problem from a fake Argos login page. A phishing page, on a lookalike domain, is one of the ways attackers harvest a fresh password directly from you. Credential stuffing reuses a password that already leaked somewhere else. Both end in a stranger inside your account, and you want to close off both.
The fake pages that harvest passwords in the first place
Reddit's real login and Argos's real account both live on their own domains. Argos is argos.co.uk, and its help and fraud-reporting pages live at help.argos.co.uk. Anything else asking for your Argos password is a fake. The lookalike pages below are illustrative patterns, not live sites, showing the shape phishing reuses to steal a fresh Argos password, which is the other route into your account.
- argos-account-verify[.]com (Argos does not run account verification on a separate "verify" domain)
- argos-order-confirm[.]net (a fake "confirm your order" page built to capture your login)
- my-argos-rewards[.]co (a "claim your Argos points" lure on a cheap lookalike domain)
- argos-secure-login[.]help (Argos's real login is on argos.co.uk, never a "secure-login" host)
The page behind an address like these can be a near-perfect copy of the real Argos sign-in. What it cannot fake is the registered domain in the address bar. If you reach a "log in to Argos" page from a text, email, or ad and the domain is not exactly argos.co.uk, do not type your password.
Check a suspicious Argos link right now
Got an "Argos order confirmation" or "verify your account" link and not sure about it? Paste it below. Our 3-layer engine (Local + APIs + AI) follows the link, reads the page it lands on, and returns a verdict in about three seconds. Free, no signup.
What to do right now if it happened
- Change your Argos password to a unique one. Go to argos.co.uk directly, sign in, and set a password you have never used anywhere else. If you are already locked out, use the password-reset flow or contact Argos to regain access.
- Turn on two-factor authentication where the account offers it, so a leaked password alone is not enough to get back in.
- Contact Argos. Report the fraudulent order and any changed details through help.argos.co.uk so they can cancel the order and secure the account.
- Report it to Action Fraud on 0300 123 2040, or online at actionfraud.police.uk, the UK's national reporting centre for fraud.
- Change that same password everywhere else you used it. If the criminal got in through a reused password, every other account with that password is exposed too. This is the single most important step for stopping it spreading.
- Check whether your details have leaked at haveibeenpwned.com, a free breach-lookup service. If your email shows up in a breach, treat every password you used at the time of that breach as compromised.
Updated July 1, 2026.
How to prevent it happening again
Because the root cause is password reuse, the prevention is about passwords, not about spotting a clever message.
- Use a unique password for Argos, and for every account that matters. A password used in only one place cannot be stuffed into another when a different site is breached.
- Turn on two-factor authentication wherever it is offered. Even if a password leaks, the attacker still cannot log in without the second factor.
- Use a password manager so that "a unique password for everything" is actually workable. It generates and remembers long random passwords so you do not have to.
- Check haveibeenpwned regularly so you know when an email of yours turns up in a breach, and can change the affected passwords before criminals get there.
How SafeBrowz helps, and where it cannot
Being honest about scope matters here, because account takeover has two doors and SafeBrowz only guards one of them. SafeBrowz uses its 3-layer detection (Local + APIs + AI).
- Layer 1, local detection, runs inside the browser with 60+ URL pattern signatures and 550+ brand signatures. If you reach a page impersonating Argos on a domain that is not argos.co.uk, it flags the fake login before the form even finishes loading.
- Layer 2, reputation and API checks, aggregate threat intelligence including Google Safe Browsing, PhishTank, URLhaus, ScamAdviser, and scam-TLD signals, so a fake "Argos order" link that has already been reported is caught on reputation alone.
- Layer 3, AI content analysis via our proxy (Premium), reads the live page in 100+ languages and recognises a login-and-credential-capture layout impersonating a brand, which flags a brand-new clone no blocklist has seen yet.
Where SafeBrowz helps: it blocks the fake Argos login and phishing pages that steal your password in the first place, and it flags the fake "your Argos account order" confirmation links that lead to those pages. That closes the door where a fresh password gets harvested.
Where it cannot help, plainly: SafeBrowz cannot stop a criminal reusing a password that already leaked from a completely different company's breach. No browser tool can, because that login happens on the real Argos site with a real password. That door is closed only by a unique password plus two-factor authentication. Use SafeBrowz to stop the phishing route, and unique passwords with 2FA to stop the credential-stuffing route. Together they cover both. The free browser extension does this on desktop, and the SafeBrowz Android app on Google Play applies the same engine on your phone.
Detection signatures come from threat-intelligence research and our internal brand database, not from user browsing data. SafeBrowz does not store per-user browsing history.
Block the fake Argos login before you type
SafeBrowz is a free browser extension for Chrome, Firefox and Edge (Safari coming soon), plus a live Android app, that follows an "Argos order confirmation" or "verify your account" link to where it lands and flags a fake Argos login before you enter anything. It recognises 550+ brands, auto-flagged when a page tries to impersonate them, with AI content analysis in 100+ languages for brand-new clones. Free forever, no account needed. Questions: [email protected].
Bottom line: an Argos order confirmation for something you did not buy means your account was taken over, and the usual cause is a password you reused that leaked in someone else's breach. Change it to a unique password, turn on two-factor authentication, tell Argos through help.argos.co.uk, report to Action Fraud on 0300 123 2040, and change that password everywhere. Put SafeBrowz on your browser so the fake Argos login page that harvests passwords gets flagged before you ever type one in.
Frequently asked questions
I got an Argos order confirmation for something I did not buy. What does it mean?
It usually means someone logged into your Argos account and placed the order. The most common cause is a password you used on Argos that was reused from another site and leaked in that site's data breach. Change your Argos password to a unique one straight away, turn on two-factor authentication, and contact Argos through help.argos.co.uk to cancel the order.
How did someone get into my Argos account without hacking Argos?
Through credential stuffing. Criminals take email-and-password pairs leaked in other companies' data breaches and try them automatically against many sites, including Argos. If you reused the same password on Argos, the pair still works and they get in. Argos itself does not need to be breached for this to happen.
Why is there no charge on my card for the fraudulent Argos order?
Sometimes the criminal adds their own unrelated card to your account so the purchase does not hit your saved payment method, which means you get no immediate charge alert and may not notice for a while. That is why the order confirmation, a changed delivery address, or spent points are often the first sign, not a bank charge.
How do I report Argos account fraud in the UK?
Contact Argos through help.argos.co.uk to report the fraudulent order and secure your account, then report the fraud to Action Fraud, the UK's national reporting centre, on 0300 123 2040 or online at actionfraud.police.uk. Also change the reused password everywhere else you used it.
What is the real Argos website and login?
The real Argos site is argos.co.uk, and its help and fraud-reporting pages are at help.argos.co.uk. Any login or "verify your account" page on a different domain, such as an "argos-verify" or "argos-secure-login" host, is fake, no matter how closely it copies the look of the real sign-in.
Can SafeBrowz stop Argos account takeover?
SafeBrowz blocks the fake Argos login and phishing pages that steal your password in the first place, and flags fake "Argos order" confirmation links. It cannot stop a criminal reusing a password that already leaked from another company's breach, because that login happens on the real Argos site. So pair SafeBrowz with a unique Argos password and two-factor authentication to close both routes in.