Loyalty program fraud targets 600,000 Tesco shopper accounts

Alina BÎZGĂ

March 05, 2020

U.K. supermarket giant Tesco has recently warned its loyalty program members of a security incident that may have affected over 600,000 Clubcard holders.

“We are aware of some fraudulent activity around the redemption of a small proportion of our customer’s Clubcard vouchers,” said a Tesco representative. “Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts.”

The supermarket chain believes fraudulent activity in customers’ accounts was possible due to older data breaches and leaks, and that the attackers accessed the accounts using login credentials stolen from other websites. This is not hard to believe, since shoppers often use the same username and password for more than one online account.

Data breaches appear to be common events these days. Find out more about how you can regain control of your personal information with Bitdefender’s Digital Identity Protection.

Customers quickly reacted on Twitter, posting screenshots of the notification email. A snippet of the official message reads: “We recently became aware of some fraudulent activity on your Clubcard account, which included an attempt to access your Clubcard vouchers. We picked this up quickly, and to be on the safe side, blocked your account immediately.”

After apologizing for any inconvenience, Tesco said no loyalty points will be lost and that the company will issue new cards for affected members. Most importantly, it emphasized that no financial data was accessed, and, as an additional security measure, customers will be asked to reset their account passwords.

This is not the first security incident to affect the company. In 2016, Tesco Bank fell victim to a cyber attack that targeted the financial information of debit card holders. Threat actors from Brazil stole over £2 million from 8,261 customer accounts. The attack resulted in a fine of over £16 million from the UK’s Financial Conduct Authority (FCA).

The most recent threat should serve to remind us of the importance of not recycling old passwords, and that the effects of data breaches never really end. Loyalty programs are a rich target for cyber criminals. The most popular strategy for reward program fraud is credential stuffing, meaning that the attacker inputs user credentials exposed in previous breaches. If credentials are not up for grabs on the dark web, scammers use other nefarious methods such as phishing emails. You might not suspect that criminals crave loyalty benefits and vouchers, but they are becoming increasingly lucrative as more and more companies create reward memberships to limit customer attrition.
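From the defender's side, credential stuffing shows up in login logs as failed attempts spread across many different accounts with only a few successes, and those few successes are the accounts to block and force through a password reset. The sketch below is an added example, not Tesco's or Bitdefender's code; the event format, thresholds, addresses and usernames are constructed, and it assumes attempts can be grouped by a single source address.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, login_succeeded)
STUFFED = ["alice", "bob", "carol", "dan", "eve", "frank", "grace", "heidi"]
SAMPLE_EVENTS = (
    # one source walking a breached credential list, one attempt per account
    [("203.0.113.7", user, user == "carol") for user in STUFFED]
    # a legitimate user mistyping a password twice, then getting in
    + [("198.51.100.4", "dave", ok) for ok in (False, False, True)]
    # password guessing against a single account (not stuffing)
    + [("192.0.2.9", "erin", False)] * 6
)

def find_stuffing_sources(events, min_accounts=5, max_success_ratio=0.2):
    """Return {source: stats} for sources that try many distinct accounts
    and succeed on only a small fraction of their attempts."""
    per_source = defaultdict(
        lambda: {"accounts": set(), "attempts": 0, "hits": set()}
    )
    for source, user, ok in events:
        stats = per_source[source]
        stats["accounts"].add(user)
        stats["attempts"] += 1
        if ok:
            stats["hits"].add(user)

    flagged = {}
    for source, stats in per_source.items():
        ratio = len(stats["hits"]) / stats["attempts"]
        if len(stats["accounts"]) >= min_accounts and ratio <= max_success_ratio:
            flagged[source] = stats
    return flagged

def accounts_to_lock(events, **thresholds):
    """Accounts a flagged source logged in to: block them and reset passwords."""
    flagged = find_stuffing_sources(events, **thresholds)
    return sorted({u for stats in flagged.values() for u in stats["hits"]})

if __name__ == "__main__":
    for source, stats in find_stuffing_sources(SAMPLE_EVENTS).items():
        print(source, "tried", len(stats["accounts"]), "accounts")
    print("lock and reset:", accounts_to_lock(SAMPLE_EVENTS))
```

Real campaigns often rotate source addresses, so production detection usually groups on additional signals as well as the address.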

According to Forter, loyalty program fraud has increased by 89% over the last year, with total losses estimated at $1 billion. The next time you sign up for a new loyalty program, avoid re-using an old or existing password and enable multi-factor or two-factor authentication. Of course, don’t forget that a local security solution is the first line of defense when it comes to securing your online activity and protecting yourself from malware attacks.
