Hundreds of customers have reported their accounts hacked and points stolen.
The supermarket giant says there’s no evidence of its internal systems being breached, but has responded to the mass theft of points by tightening account controls through increasing password security.
There are currently as many as 11 million users of the Woolworth’s Rewards program.
Woolworths believes the scams are targeted attacks on customers rather than a breach of the company’s internal systems. Photo: News Corp
“Fraudsters are becoming more sophisticated”
On Wednesday, Woolworths sent an email to hundreds of customers to inform them their accounts had been hacked, and promised to reinstate any stolen points.
“We value the trust of our members and take our responsibility to uphold the security of their accounts seriously,” Woolworths director of loyalty, Ingrid Maes said.
“It’s clear fraudsters are becoming more sophisticated in the ways they target users online and our members are unfortunately not immune to these threats.
“That’s why we’ve put in place a range of new account security controls to help our members keep their accounts more secure.
“As always, we encourage our members to remain ever vigilant of online scammers and to keep their accounts as secure as possible with strong and unique passwords.”
An accumulation of 2000 points can save customers $10 on their next shop.
Protecting your account for future use
Woolworths has implemented a number of changes to the way member accounts are managed so that security is stronger against attacks from scammers:
Changes to point redemption preferences will require a one-time security code that will be emailed to the user.
Enhanced password security:
New passwords will require eight characters, a number and a combination of upper and lower case characters.
Auto-notification of redemption settings changes:
If a member’s redemption settings change, they’ll receive an email notification confirming the change.
“Report scams immediately”
Australia has seen a rise in online scams according to new data from the Australian Competition and Consumer Commission. In 2018, Australians have reported 104,000 scams totally $184 million.
“If you think you have provided your account details to a scammer, contact the institution immediately to report it,” an ACCC spokesperson said.
The commission further warned consumers, when using retail websites, make sure you know who you’re dealing with.
“If it is an Australian company, you are in a much better position to sort out the problem if something goes wrong.”
It also advises that customers pay for items online using a secure payment service like Paypal, or a website with an “https” and closed padlock symbol in the menu bar.
If you believe you have been scammed, you can visit Scam Watch.