Woolworths Everyday rewards members are being warned to “be careful” after multiple members said they’d had saved rewards dollars stolen from their account.
One concerned shopper said their account was hacked with $310 worth of saved rewards dollars stolen.
The loyalty program run by Woolworths gives shoppers the option to bank their $10 rewards for Christmas.
Shoppers receive $10 Everyday Rewards Dollars when they collect 2000 points.
“Be careful scammers are out, they just took $310 off my account,” the shopper wrote on Facebook.
The shopper went on to say that scammers had randomly selected her card number and hacked into her account.
“I’ve closed the old account and rewards opened a new one for me and transferred remaining to the new one,” she wrote.
“Apparently they can use some random number generator to guess card numbers. They got into account and changed my email address and mobile phone number.”
While Woolworths had assisted with her stolen points, her post prompted others to say they’d also been the victims of hackers accessing their loyalty program account, stealing their saved dollars too.
“Same happened to me 2 weeks ago. Although mine was only $70. They have given me a new card number, transferred my points, but still waiting for the $70 to be put back,” one shopper shared.
“Same thing has happened to me, hacked into my account and spent everything,” added another.
“I had this happen to me... what do I do? I’m so upset this has taken me so long to get this amount,” added a third.
Other loyalty program members said they specifically chose not to bank their points for Christmas due to hackers preying on these accounts around this time of year.
Instead, some said they used up the rewards dollars as they were given to them, while others said they converted their points straight over to Qantas Frequent Flyer points.
“I always get mine converted to QFF Points for this reason. I then use my points for holidays with my family. The money I save from doing this would be much higher than the $10 here and there,” one member shared.
A Woolworths spokesperson told Yahoo News Australia they are helping customers who have fallen victim to unauthorised transactions made with their banked rewards dollars.
“We’ve been assisting a small number of members who appear to have been the victims of unauthorised access to their Everyday Rewards accounts,” the spokesperson said.
“In the cases reported to us, accounts have been accessed using valid login or account details.”
While there is a range of security and redemption controls on Everyday Rewards accounts put in place by Woolworths to help reduce the risk of points fraud, it appears the stolen points are due to an online scam.
“We’ve found no evidence to suggest our IT systems have been breached or compromised in any way,” the spokesperson continued.
"This indicates fraudsters have likely obtained these members’ login credentials and account details from online scams or other sources.
“It's a timely reminder of the importance of having strong unique passwords, updating them regularly and remaining vigilant of scams.
“If ever a member believes there has been fraudulent activity on their account, we encourage them to contact us, so we can immediately secure their account and reinstate any points.”
Customers who have had their accounts affected should contact Woolworths and any fraudulently redeemed points will be reinstated to members in full.
Woolworths increases account protection
Woolworths has recently introduced several new security measures to assist members in protecting their Everyday Rewards accounts.
From December 1 Woolworths will lock all bank for Christmas balances, meaning members will only be able to access their rewards dollars balance via the Everyday Rewards app, website, email, or hubs before they use them.
To ensure the safety of their account, shoppers should only unlock their balance when they are ready to shop.
Woolworths has also implemented extra security measures by sending a unique one-time password for logins on any new devices, or a device that hasn't been used to access the account in some time.
Additionally, members will soon only be able to log in to the Everyday Rewards app using a one-time passcode and members will now be emailed if their redemption preferences change or other personal information changes on their account.
Keeping all your accounts secure in the lead up to Christmas
The ACCC reports that more than $6 million dollars has been lost to online shopping scams in 2021 with over 17,000 cases reported.
To help keep all your accounts secure when shopping online or using loyalty programs, keep the following things in mind.
Monitor your online accounts where you have used the same or similar login details, for any unusual activity or changes.
Let the relevant providers know immediately if you suspect any unusual activity.
Be cautious of any links or attachments in emails or on social media messages if you are not sure that they are genuine.
Ensure you have strong passwords that you haven’t used across other accounts. If you have emailed yourself online account passwords, such as your online banking password, change these to something new.
Enable multi-factor authentication for your email accounts where possible.
Customers who have concerns or questions about their account should contact the Everyday Rewards contact centre.
Never miss a thing. Sign up to Yahoo Lifestyle’s daily newsletter.