Art and culture

Nectar point nabbers scam solved? We discover evidence of secret groups trading YOUR supermarket reward points

Criminals are using secret channels to sell Nectar card balances to defraud unsuspecting customers, a This is Money investigation reveals.

This year, hundreds of our readers have been in touch about their stolen loyalty points with thousands of pounds worth of rewards going missing.

Indeed, since we wrote an article 10 days ago about another Nectar theft, 72 more have contacted us to say they’ve had points worth just over £7,800 nicked.

A common theme has cropped up in all the cases – victims have no idea how the points were nabbed, while our attempts to get an answer from Sainsbury’s meet a constant brick wall. 

Now, we can reveal that criminals are using social media and secure messaging channels to sell data attached to up to 1,000 Nectar accounts at any given time.

Nectar scam: Criminals use secret channels to advertise Nectar account codes 

We found evidence of criminals selling codes linked to Nectar accounts through a secret channel on the secure messaging service Telegram.

It calls into question Nectar’s security system and just how safe customer data and balances are.

One Telegram group advertising a ‘Nectar code restock’ was selling 500 accounts on the new database for £45 and 1,000 codes for £350 on the old database, which they say have a higher hit rate.

The idea presumably being that at least one or two of the accounts will have a large balance for the criminal to pilfer. 

One message said: ‘Balanced £5+ guaranteed. It could be £5 or £500 or £750 what ever way ur profiting [sic]’.

It remains unclear how criminals have access to so many account numbers – there are no flash alerts, no stolen cards and no dodgy phone calls.

Plenty of theories have circulated online about account numbers and bar codes but it remains a mystery.

Criminals are posting Sainsbury's receipts which reveal a customer's Nectar point balance

Criminals are posting Sainsbury’s receipts which reveal a customer’s Nectar point balance 

Jake Moore, global cybersecurity adviser at ESET told This is Money that the Nectar system ‘didn’t seem like a very complex system… it’s a numbers-based algorithm.’

Another post on the Telegram channel shows evidence of a small purchase at a Sainsbury’s store.

At the bottom of the receipt, the account holder’s full Nectar balance is on display, meaning criminals can continue to use the account without the legitimate account holder being immediately aware.

The criminals say that once they know the balance, they can ‘mash the store and pay with Nectar’.

In addition to Nectar balances, the Telegram channel also offers subscribers the opportunity to buy balances from other major loyalty programmes.

Since we first wrote about the issue in January, a deluge of readers have been in touch to tell us about their stolen points.

In August, we calculated that over 1million Nectar points had been stolen from our readers and since then hundreds more have been in touch with the same issue.

Despite This is Money publicising the issue, criminals are becoming more brazen in stealing points.

A cursory look at Nectar’s X account shows that customers are getting in touch nearly every day with complaints about stolen points.

And secret messaging services could be the reason behind the spike in stolen points.

Moore told This Is Money that he had seen far more services, data and illegal products being sold on Telegram.

‘It’s becoming the open web version of the dark web because of its anonymity. It’s a simple place for criminals to sell anything and it keeps people hidden.

‘I’m not seeing as much use for the dark web in illicit material… you’ve got anonymising tools as an app in your pocket, in the guise of Telegram or Discord. You open up your market tenfold and can advertise on TikTok or Instagram.’

We contacted Sainsbury’s with evidence of the criminal groups selling customer data. 

A Sainsbury’s spokesman said: ‘We are working closely with the police on this issue and have a range of measures in place to help us detect and in many cases prevent fraud.’

Have you had your Nectar points stolen? Get in touch editor@thisismoney.co.uk

SAVE MONEY, MAKE MONEY

Chase current account required*

3.75% AER Var.

Chase current account required*

3.75% AER Var.

Chase current account required*

Prosper rate boost on GB Bank

4.91% 6 month fix

Prosper rate boost on GB Bank

4.91% 6 month fix

Prosper rate boost on GB Bank

No account fee and free share dealing

Free share offer

No account fee and free share dealing

Free share offer

No account fee and free share dealing

Flexible Isa that now accepts transfers

4.84% cash Isa

Flexible Isa that now accepts transfers

4.84% cash Isa

Flexible Isa that now accepts transfers

Get £200 back in trading fees

Dealing fee refund

Get £200 back in trading fees

Dealing fee refund

Get £200 back in trading fees

Affiliate links: If you take out a product This is Money may earn a commission. These deals are chosen by our editorial team, as we think they are worth highlighting. This does not affect our editorial independence. *Chase: 3.69% gross. Ts and Cs apply. 18+, UK residents

  • For more: Elrisala website and for social networking, you can follow us on Facebook
  • Source of information and images “dailymail

Related Articles

Leave a Reply

Back to top button

Discover more from Elrisala

Subscribe now to keep reading and get access to the full archive.

Continue reading