Stolen Woolworths Reward Dollars from Account

Happened to notice, just by accident, that the Reward Dollars on my Woolworths Reward Dollars account was almost zero, whereas it should be $60 plus.

Logged into my account and saw that someone in WA (I am in Victoria) had redeemed $60.00 from my account balance a few weeks ago

Weird part is that on checking the transaction the person bought $61.50 of groceries, redeemed $60.00 of my points and charged $1.50 to a Mastercard debit card.
Anomalies are (a) why would someone commit fraud and then charge to a debit card that can be traced (b) how did the person seemingly know the balance of my reward dollars so as to buy just enough goods to use them up and (c) to redeem points one needs a membership card to scan at the checkout.

Smacks of an inside job to me!

Contacted Woolworths by an online chat session, which took 35 minutes to be connected, which was better than a quoted 59 minutes for a person-on-person chat. Response was basically "OK we will look into the matter" - that was two weeks ago and heard nothing since.

Those with Woolies Reward accounts may be wise to keep tab on their account.


Mod Note: Thread was accidentally merged into the wrong thread, leading to comments being in the wrong order.

Related Stores

Everyday Rewards
Everyday Rewards

Comments

    • +3

      Woolies have attempted to ignore and bury this issue for at least the last couple of years.
      Obviously, after all of the present publicity about corporate systems being hacked they have decided to try and get on the front foot by admitting to a problem.

      • +2

        get on the front foot

        Do we still use this phrase if they have dragged their heels for years?

      • +2

        They are admitting there is a problem but not that it is theirs. Again, the advice is

        Customers are being urged to make sure they have strong passwords, including numbers, capital letters, and special characters.

        So, it's still the customer's fault. This is the same line they have been peddling for over a year. A similar thread started in September last year.

        https://www.ozbargain.com.au/node/651164

    • +1

      I think some people have pointed out this issue earlier, over here. Good to see that the media is finally reporting it. Woolies probably need to follow Flybuys where the physical card and pin is needed, which is a much safer option.

    • This has been happening for years. Everyone just turns a blind eye to it.

    • Sole reason I do qantas points, I don't really want to but it's the most secure way to earn reward points from woolies.

      • +1

        If you aren't into travelling, is there any way to convert these points other than through the Qantas Rewards Store?

        2000 EDR points => 1000 Qantas Points … is surely not the OzBargain way.

        • +2

          Yes, one way to lock it indeed:

          Place an online order for exact $30 (or more)
          Redeem $30 EDR off
          Cancel the purchase
          Get a $30 store credit valid for 3 years

          If you really will not shop online for 3 years, contact customer service to convert it to eGC. One store credit can be used with another same one and other promo codes. It is as good as eGC when shop online, legit spend for bonus pts offer. I prefer the $30 as it is the minimum and more flexible to use it later, while one $100 store credit is better for eGC conversion. I have stacked 3 store credit codes plus monthly 10% off in one purchase.

    • Happened to me yesterday. Had $20 credit stolen from my rewards account. Someone bought $20 worth of stuff from a store I've never been to.

  • Anyone else receive one of these e-mails from Everyday Rewards?

    "At Rewards, your privacy is our priority. We have robust security measures in place to safeguard your information and actively monitor any suspicious activity. During these routine checks, we found some suspicious activity on your account which we are confident originates from outside Everyday Rewards.
    We have found no evidence to suggest our systems have been breached or compromised in any way. This indicates fraudsters have likely obtained login credentials from online scams or other sources.
    To ensure your account is protected, we encourage you to cancel your Everyday Rewards Card and request a replacement card via the website or app. We strongly advise that you download and use the Everyday Rewards app when engaging with the program. The app also gives you access to your new card, in digital format, immediately. You can download the Everyday Rewards app through the Google Play store or App Store.
    As an additional safety measure, please reset your password on our website using a unique, strong password (see tips below). If you choose not to do this, your Everyday Rewards dollars and account may continue to be at risk. We also encourage you to change the email address you use for your Everyday Rewards account. "

    • +1

      Yep got the same email today. Thought it was in relation to the ~$700 of fraud point usage, however didn't say they were doing anything about it. Just 'your fault' talk, blaming someone else again when there are thousands of people this is happening to.

      • And soon after receiving that e-mail, I receive an Everyday Rewards e-mail telling me I have $X dollars available with the full card number included….

    • -1

      I got this email on 3x accounts i have that were hacked (lost total $50 across the 3x accounts). They were burner accounts i had accumulated $xx when they targeted offer me (spend min $0.01 for 2000 points and i would buy $0.30 carrot). I did not bother to dispute because accounts only ever used for getting these offers, i use bogus user details and probably hard to prove to them to say i did not use in this hackers suburb when account is rarely used. I did not get this email on other burner account even on account that use the username+1@gmail trick, so i suspect EDR may have found one of the possible points of entry by the hackers based on them saying 'we found some suspicious activity on your account which we are confident originates from outside Everyday Rewards'

      I got targeted offer again recently on one of the hacked account and have $10 sitting banked for xmas, plan to use before end of the month as once Dec comes i think will be a free for all with compromised accounts.

  • +2

    Haven’t read previous posts here. They just rolled out 2FA where i shopped which required me to unlock the balance on my app first at checkout

    Also for the first time it prompts me to redeem balance when when paying with everyday pay

    Nice

  • +1

    Well, thought maybe they had gotten on top of this stuff by now but nope, same old. Just had $70 stolen at an EG in NSW.

Login or Join to leave a comment