Scammers still have a shopping with stolen nectar points, where shoppers see their bills that have been emptied in places they have never visited.
In the meantime, some say that they are completely locked up from their accounts and have asked Sainsbury’s for a statement.
The supermarket introduced a ‘account lock’ function in their loyalty app in February to try to solve the problem -but representatives of the customer services are still dozens of complaints.
Mama of two Fariba Rad, from Putney in London, said Metro She was ‘really upset’ to get two e -mails on Sunday morning and to thank her for publishing her balance.
“First I started thinking when I was at Sainsbury, but then I saw that the area was Oakley and I said to myself:” Someone has hacked my points, “she said.
The thieves issued £ 12.50 in two transactions of 1000 and 1500 points, leaving them only 194 points worth 97p.
Some shoppers who contact Nectar Online said their points were spent, while they were not even in the UK, while others said they had problems with the app and ‘not even logging in’.
In recent months, cyber security has come to the spotlight in the retailers after Marks and Spencer were hit by a devastating hack that is still not fully resolved, not available with online shopping.
Supermarkets Co-op and Harrods were also the target of hackers, while sports brand Adidas was also the victim was the natural question for many if Sainsbury could also have been affected.
But the supermarket said they had no IT problems.
They confirmed that Fariba had fallen victim to fraud and that criminals use a series of tactics to try to take advantage of their popular loyalty scheme, which has more than 23 million members.
The ease with which scammers have access to nectar points was unveiled in January, then This is money revealed more than 12 million points worth around £ 63,000.
‘I didn’t even leave my house’
Another shopper from Sainsbury, the 43-year-old Amber Shuker-Bright, depicted at the top of this article, said that she and her husband lost £ 60 points.
“We do what most people do before Christmas,” said the mother of one Metro.
She realized that something was wrong when she got an e -mail and thanked her for redeeming 2000 points in Brixton on April 12, but thought, “I’m in Putney and I didn’t even leave my house.”
The mother of one said that her husband lost even more this weekend, when scammers spent 10,000 of his points, worth £ 50, in Camden.
She did not know that there had been problems with the theft in the past, or that there was an option to lock her account, and said that this had to be made clearer.
Sainsbury’s reimbursed the points of the couple after checking that they were spent outside their usual area, but sales assistant Amber said they worry that many customers would not even realize that they were the victim because they could assume that their partner had spent the points on a linked account.
She said the incident was worried about how scammers got her details and what else they have accessible.
The newspaper reported that scammers sold online account numbers, although it is unclear how they are in the first place.
Sainsbury’s has not revealed how they think scammers do this, for fear that it could encourage more fraud if they do.
Fariba, a 44-year-old professional placement advisor, said she had difficulty solving the loss of her points because her mother was the primary account holder, despite the use of the card ” For years’ with her e-mail address and problem that others also reported to representatives of the customer services.
Eventually she managed to solve the problem and a new card will be sent with the lost points that have been added.
But she described the process as “really pointless and a waste of my time” and said that the experience made her worried that criminals have her details.
How can scammers steal nectar points?
There are no ID checks to issue points, except at Argos when there is if the amount is more than £ 50.
A Maas in the law meant that anyone with the account number or barcode of a user could possibly spend his points, unless the expenditure lock function was engaged.
Last year Cian Heasley, protagonist at Adarma Cyber Security Firm, said Metro: ‘The specific nature of this vulnerability has not been disclosed, but it may be that the attackers perform a brutest-force attack. In these types of attacks, malignant persons, manually or through automation, try to log in to a customer remuneration portal using randomly generated remuneration account numbers.
‘If they do not receive’ no such user ‘or a similar error message, they know that the account is active and a barcode -scanable account can generate to issue the reward points.
‘To defend themselves against this attack, App developers must include security measures in the design of the app. For example, they must require a complete login or identity authentication to issue points and ensure that login portals do not indicate whether accounts are valid or not. Limiting the number of login attempts before a time-out is imposed can also delay brutal-force councils of attacks.
‘The attackers may also use credential filling, a cyber attack where hackers violate account information, such as user names and passwords, use to gain unauthorized access to other online accounts. To protect against the filling of the reference, it is crucial that individuals do not reuse passwords over different accounts, where possible make multifactor authentication possible and consider using a password manager to save and manage passwords for different apps and websites safe. ‘
A spokesperson for the nectar said: ‘The security of our customer accounts is our highest priority and the share of those who are affected every year by fraud is very small.
“We have a series of measures that detect and in many cases prevent fraud, including confirmation emails for point expenditures and our expenditure lock function.”
Contact our new team by sending us an e -mail at webnews@metro.co.uk.
For more stories like this, Check our news page.
More: fears for drugs ‘500 times stronger than heroin’ circulating in London after killing
More: ‘poisoned’ beef Wellington chef in Patterson tells the murder process Exotic mushrooms ‘have more taste’
More: Madeleine McCann Police with Radars to ‘search’ ditches in a new search after ‘Tip-off’
#shoppers #Sainsbury #lose #millions #nectar #points #widespread #scam