2 min read

Loyalty program fraud targets 600,000 Tesco shopper accounts

Alina BÎZGĂ

March 05, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Loyalty program fraud targets 600,000 Tesco shopper accounts

U.K. supermarket giant Tesco has recently warned its loyalty program members of a security incident that may have affected over 600,000 Clubcard holders.

“We are aware of some fraudulent activity around the redemption of a small proportion of our customer”s Clubcard vouchers,” said a Tesco representative. “Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts.”

The supermarket chain believes fraudulent activity in customers” accounts was possible due to older data breaches and leaks, and that the attackers accessed the accounts using login credentials stolen from other websites. This is not hard to believe, since shoppers often use the same username and password for more than one online account.

Data breaches appear to be common events these days. Find out more about how you can regain control of your personal information with Bitdefender”s Digital Identity Protection.

Customers quickly reacted on Twitter, posting screenshots of the notification email. A snippet of the official message reads: “We recently became aware of some fraudulent activity on your Clubcard account, which included an attempt to access your Clubcard vouchers. We picked this up quickly, and to be on the safe side, blocked your account immediately.”

After apologizing for any inconvenience, Tesco said no loyalty point will be lost and that the company will issue new cards for affected members. Most importantly, it emphasized that no financial data was accessed, and, as an additional security measure, customers will be asked to reset their account passwords.

This is not the first security incident to affect the company. In 2016, Tesco Bank fell victim to a cyber attack that targeted the financial information of debit card holders. Threat actors from Brazil stole over £2 million from 8,261 customer accounts. The attack resulted in a fine of over £16 million from the UK”s Financial Conduct Authority (FCA).

The most recent threat should serve to remind us of the importance of not recycling old passwords, and that the effects of data breaches never really end. Loyalty programs pose a rich target for cyber criminals. The most popular strategy for reward program fraud is credential stuffing, meaning that the attacker inputs user credentials exposed in previous breaches. If credentials are not up for grabs on the dark web, scammers use other nefarious methods such as phishing emails. You might not suspect that criminals crave loyalty benefits and vouchers, but they are becoming increasingly lucrative as more and more companies create reward memberships to keep customer attrition.  

According to Forter, loyalty program fraud has increased by 89% over the last year, with total losses estimated at $1 billion. The next time you sign up for a new loyalty program, avoid re-using an old or existing password and enable a multi-factor and two-factor authentication method. Of course, don”t forget that a local security solution is the first line of defense when it comes to securing your online activity and protecting yourself from malware attacks.

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Hacking cars remotely with just their VIN Hacking cars remotely with just their VIN
Graham CLULEY

December 05, 2022

2 min read
Russian courts attacked by CryWiper malware that poses as ransomware Russian courts attacked by CryWiper malware that poses as ransomware
Graham CLULEY

December 05, 2022

2 min read
Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read