Supermarket giant Woolworths says it has implemented multiple changes to its Woolworths Rewards loyalty program after 130 customers fell prey to online scams targeting their rewards points.
Rewards accounts were accessed with “valid login and password details”, which Woolworths says indicates third-party websites are involved.
“Woolworths has investigated and found no evidence to suggest its systems have been breached or compromised,” a spokesperson said in a statement provided to SmartCompany.
“Fraudsters have obtained login credentials from online scams or other sources.”
Woolies has locked down hundreds of additional accounts with suspicious point redemption in a precautionary step and will reimburse customers with any missing points.
The supermarket giant says it’s made a slew of changes to its policies in response to the scam, including enhancing password security and implementing notifications for customers when their details are changed.
Woolworths also now requires passwords to contain at least eight characters, a number, and upper and lower case characters.
It’s not the first time the company’s customers have been targeted by online scammers. There’s has an entire section on Woolworths’ e-commerce website dedicated to digital fraudsters.
Examples include phishing websites claiming to offer chances to win gift cards, or opportunities to fill out feedback surveys.
In one case, customers are invited to take a “1-minute survey” for a $550 Woolies gift card, on a website created to mimic the supermarket’s own branding.
The supermarket is also not the only large retailer to be targeted by such scams; competitor Coles is also regularly targeted with fake text message and email scams.
Woolworths’ director of loyalty, Ingrid Maes, said the online scams are becoming more sophisticated.
“It’s clear fraudsters are becoming more sophisticated in the ways they target users online and our members are unfortunately not immune to these threats,” she said in a statement.
Woolworths said it is continuing to investigate and will advise relevant state and territory law enforcement agencies as appropriate.