Underlying mechanism of cashback websites?
Context: My Walmart.com account was recently compromised. Someone placed 4 orders for curbside pickup halfway across the country. Walmart cancelled the orders, I changed the password, deleted saved payment info, etc. Figured that was the end of it. Couple days later, I see those cancelled fraudulent orders appear (as pending) on my account on a cashback website. But I was under the impression that cashback websites operated using tracking cookies... So if someone had my password and signed into my Walmart account, they wouldn't have those tracker cookies in their browser. But why am I seeing the pending cashback?
How is that possible? My first thought was that I had my session hijacked. (Someone stole my session cookies to access my Walmart account, and inadvertently also stole the cashback website's tracker cookies.)
But now I'm wondering if there is another potential explanation. Do cashback websites ONLY rely on the presence of those tracking cookies?
If I click through a cashback portal to Walmart.com, then from another device, place an order, is it possible that the cashback network somehow communicates with Walmart, and just assumes that the order was part of a click through session, even if the tracker cookie isn't present? I had just clicked through the cashback portal before those fraudulent orders were placed.
Any insight is greatly appreciated!
(Aside: If anyone knows of a more fitting subreddit for this question, I'll post it there instead.)
[link] [comments]
source https://www.reddit.com/r/beermoney/comments/r1nu9o/underlying_mechanism_of_cashback_websites/
No comments:
Add Comment