Stolen Woolworths Reward Dollars from Account

Ocker on 14/09/2021 - 19:36
Last edited 26/10/2021 - 09:36 by 1 other user

Happened to notice, just by accident, that the Reward Dollars on my Woolworths Reward Dollars account was almost zero, whereas it should be $60 plus.

Logged into my account and saw that someone in WA (I am in Victoria) had redeemed $60.00 from my account balance a few weeks ago

Weird part is that on checking the transaction the person bought $61.50 of groceries, redeemed $60.00 of my points and charged $1.50 to a Mastercard debit card.
Anomalies are (a) why would someone commit fraud and then charge to a debit card that can be traced (b) how did the person seemingly know the balance of my reward dollars so as to buy just enough goods to use them up and (c) to redeem points one needs a membership card to scan at the checkout.

Smacks of an inside job to me!

Contacted Woolworths by an online chat session, which took 35 minutes to be connected, which was better than a quoted 59 minutes for a person-on-person chat. Response was basically "OK we will look into the matter" - that was two weeks ago and heard nothing since.

Those with Woolies Reward accounts may be wise to keep tab on their account.

Mod Note: Thread was accidentally merged into the wrong thread, leading to comments being in the wrong order.

Food & Grocery Reward Points

Related Stores

Everyday Rewards

Marketplace

Comments

GourmetFoodie on 05/04/2022 - 13:16

Jesus this is bad stuff! Woolworths needs to get their act together.
kitsch on 06/04/2022 - 01:35

Just found out $20 stolen…
I earned the reward on Sunday and they stole it on the Monday.
bamzero on 07/04/2022 - 12:36

I'm wondering now if they are getting access to the emails Woolies sends out when you get new rewards dollars, rather than the rewards account itself (though I see some have had EDR password request resets.)

Was looking at the email I received when I got new dollars, it has my rewards card number, and a big "congrats you've now got this much to spend" balance included.
Everything I'd need to generate a barcode and know exactly how much to spend in store.
Grale on 10/04/2022 - 13:36

ugh these guys just don't give up. i believe they are trying to brute force their way in with passwords now.
Ocker on 10/04/2022 - 18:45

+1

I don't understand why, since I first started a thread on this subject and the subsequent numerous posts of members that have been similarly ripped off, this mass fraud is still occurring.
Nothing in the press, ACA news etc etc.
Go figure
- Grale on 11/04/2022 - 10:01
  
  i think i saw one or two really old articles about it.
  who knows the reason why but glad to have found this thread to know I'm not the only one being affected!
  WW definitely knows about it, probably $$ wise it's not big enough for them to worry about.
WookieMonster on 11/04/2022 - 22:17

+4

A heads up for any of you who present your Everyday Rewards card at Ampol locations accepting Everyday Rewards; some of these locations print the full 13 digit Everyday Rewards membership number on the receipt.

To be clear, not all locations do this. Some Ampol locations simply print on the bottom of the receipt Everyday Rewards card accepted at the bottom of the receipt, but some other locations print Woolworths Rewards card accepted and include all 13 digits.

I would be extremely surprised if Ampol staff had any way of seeing what your balance or redemption type on their own POS systems, as you cannot redeem Everyday Rewards Dollars at Ampol. However, there isn’t a lot stopping them from printing a duplicate receipt, obtaining the membership number, then going to Woolworths, BIG W, EG Australia or BWS, scanning (or manually entering) the membership number and seeing how much is on the account, as well as the redemption type. Sure, this probably isn’t a very efficient way of obtaining Everyday Rewards membership numbers, but at least Ampol staff know that the Everyday Rewards membership number on the receipt is for an active account.

Before anyone asks, EG Australia is not that bad, as they only print the last four digits of the Everyday Rewards card number on the receipt. There are actually 20,000 unique Everyday Rewards numbers that use the same last four digits printed on a receipt, so EG Australia staff would have a much harder time figuring out your Everyday Rewards membership number solely based off the receipt.
- Grale on 12/04/2022 - 14:28
  
  +2
  
  thanks for the heads up Wookie!
- Lucky13 on 26/04/2022 - 16:32
  
  +1
  
  Wow this should be brought to the attention of Everyday Rewards and Ampol immediately. The Everyday Rewards full 13 digit number shouldn't be printed on Ampol receipts, that's a major breach of privacy. It seems like a lot of people actually amount quite a lot of ER dollars on their accounts and this could be spent by anyone that finds these receipts. I hope this will be fixed immediately Everyday Rewards and Ampol.
kosh52 on 19/04/2022 - 09:55

+3

Some bastard hacked into my wollies rewards account and nicked 30 bucks which I was going to use for me groceries. Then some other bastard hacked in again despite getting a new rewards account and nicked a further 20 bux. This was all in a space of 7 days. I got the e receipts on my phone from shops in Gold Coast and Sidney despite me living in vic.

One prick bought $30 worth of prawns for free, hope he got a bad batch and gets the squirts. Other prick bought $20 worth of Vee Energy Drink. Hope he get heart palpitations
Samsungnote10 on 24/04/2022 - 12:42

+3

https://www.ozbargain.com.au/comment/11813656/redir

this whole shenanigans is laughable

so i called up a few weeks ago to get an update and to report another unauthorised password request

I got told for security they would lock my account, but I would still be able to use it

i had a few weeks where I had no stolen transactions or pass word requests, while i could always access the app

ive been getting a password request every couple of days, I accidentally logged out of my account and now it wont let me back in saying "the account is locked"

so the irony is that scammers can access my account, but I cant access my own!
- DoctorCalculon on 24/04/2022 - 20:38
  
  You must have a target painted on your back.
  
  This has to be an inside job.
- King Tightarse on 25/04/2022 - 00:30
  
  I wonder what the meant about "they will lock your account" if you were still able to use it?
  What would be locked? Perhaps you would be able to add points but not withdraw?
  They really have an odd, flawed system
  - DoctorCalculon on 25/04/2022 - 20:10
    
    +1
    
    Coles / FlyBuys isn't perfect, but they have at least got a decent security mechanism around redemption.
Lucky13 on 26/04/2022 - 16:20

Sorry to hear of your Woolworths Everyday Rewards dollars issue. I actually spend my rewards dollars once they reach $10/2000pts and hadn't had a problem until recently when I amounted $30/6000pts from a promotion. I spent the $30 rewards dollars on an online order which failed and then I lost the $30 worth of rewards. A short chat with the Woolworths online customer service team fixed the issue and I was emailed a $30 voucher to spend on a future order. Was annoying the hiccup happened, but was fixed quite quickly. What you're talking about is a lot worse and several people seem to be complaining about being hacked and their dollars stolen. Hope the issue is fixed, it's not really acceptable. Maybe they need to look into tougher security measures in their online systems?
Nanday on 28/04/2022 - 17:11

+1

This just happened to me also. Yesterday I shopped at my usual Woolies and used an accrued $30 rewards dollars (redeemed them). I was due to get an additional 3000 points for completing a 3 week purchase offer: when I checked this morning there were two transactions, both for baby formula (A2), both the same amount of $33.00 or so, both at a store I had never shopped at in Garden City Qld. My acct had been credited the 3000 points, so the hacker had used the first $10.00, then my rewards account went to another $10.00 credit as it was nearly at 2000 points. They then ran through a second identical transaction and took the second $10.00 rewards dollars credit. They paid with a Visa card (I don't have a Visa card). I phoned Woolworths and they were helpful and said that those two transactions would be reversed after investigating, it would be passed on to their IT dept. They cancelled my Rewards card and said I'd get another in about a week. They seemed to be well aware that this is happening.

I tried to find info online about how hackers are doing this, at first I was more worried about the potential that someone had hacked things like my credit cards, but it appears to be isolated to the everyday rewards dollars. One suggestion was that people are clicking on phoney links and this leads to losing the information (I don't). Another suggestion is that random account number generation software yields accounts with accrued dollars and this is sold on the dark web. This seems most likely in my case, if I had not used the $30 of accrued dollars, it would have been available a few hours later when the hacker ran through an order of $33 on baby formula. So if they bought my details off the dark web, they got cheated. They only got $10 off, that then triggered another $10 accrued rewards which they then took with another identical purchase. They could have used a stolen credit card, I don't think they'd be stupid enough to use their own Visa.

The thing is, Coles avoids this with Flybuys by making us put in a security code before the Flybuys dollars are applied. It would seem an adequate and simple fix for Everyday Rewards to implement this. The security code is only known by me, the purchaser. Whereas once someone gets hold of an Rewards account number, they can input it into an app like Stocard which then generates a barcode to match, which makes it easy for the thief to scan when they are purchasing. Too easy. Woolworths really needs to fix this, it's an ongoing fraud issue.
- Grale on 28/04/2022 - 17:44
  
  +1
  
  Do change your ER account's password and switch it to "bank for christmas" until you are ready to use the credits.
  My ER account is constantly being locked out due to someone trying to access it.
  There are currently 3 ways to access your ER account: password, one time code via SMS or one time code via email.
Ocker on 28/04/2022 - 18:48

+3

Since I first raised this issue about 8 months ago the number of people experiencing the same hacking is increasing.
Begs the question - at what stage will Woolworths officially acknowledge a serious security breach, or at least the mainstream media feature the problem and hopefully save others from the endemic fraud which continues unabated.
- Nanday on 29/04/2022 - 08:59
  
  +1
  
  That was the point I was making, and thanks for starting this thread. This is not something the consumer should have to 'fix' with new passwords and new cards and putting points into QFF instead of using them on shops, etc. This is a Woolworths software issue, even if they claim their database has not been compromised. Coles has a four digit code requirement before the system accepts a request for redemption - I give Woolies a big fail for trying to hand the problem back to us, saying we don't change our password enough, etc. And they offer no alternative explanation why this is happening, except it must be happening a lot as they very quickly told me they would return the points and send me a new card, and I don't need advice from people as though this is my problem, it is not. I have a strong Norton anti-virus program running, I don't click on any email phishing links and subscribe to a password generating/storage software. Before I retired, I was the co-owner of a computer sales company, I'm not a novice. Woolworths needs to fix this.
  - Samsungnote10 on 29/04/2022 - 09:02
    
    +1
    
    i received a sms saying "your account issus have been resolved" so I called up to see what was going on and they told me that msg was for the credit refund for the previous week and my account issues were still being looked at.
    
    got another password request yesterday as well!
- Neoika on 30/04/2022 - 15:53
  
  The worst is yet to come. Everyday Pay is now rolling out, which means the person who scans your card may pay with your bank card too! I haven't used it yet, but it seems to be possible. Just warn everyone of not using it till much later.
Nanday on 02/05/2022 - 13:02

Woolworths already has an app called 'Money' which I use because I buy gift cards rather than using cash or credit cards, and I can load the gift cards on it and scan for payment. These were not stolen so I am assuming that it was no one standing near me or using some kind of reader for my phone. So Everyday Pay seems to be rolling their Money app in with the Everyday Rewards account. Thanks for the heads up, I won't use this unless they put a security code requirement on it at time of use at the checkout. Woolworths can tell us all they want that they are not at fault and there has been no breach of their systems, but unless they can offer a plausible explanation as to how this is happening, I intend to be much more careful with using the website. I am going to put my points into QFF and when I accumulate enough, I can redeem them for Woolworth's gift cards. The downside is that it is more points-expensive to do that, but I feel I am forced to because I no longer trust their Everyday rewards points redemption system.
puffinfresh on 02/05/2022 - 18:41

$30 stolen a few days ago. My first lot. Now the fun begins. Used at petrol station, so if they filled their car, the licence plate would be on camera.
- Ocker on 02/05/2022 - 19:22
  
  Join the club !
- puffinfresh on 02/05/2022 - 19:38
  
  They will have bought fuel because a 4c voucher has disappeared too. Anyway, WW said it's likely my email was comprised and made me change to a new card number and email. They are transferring things over (I hope my receipts go to because I need some for tax). I don't think my email has been compromised because it has 2FA and I get notifications when there is a new log in.
  - puffinfresh on 10/05/2022 - 12:51
    
    I got my $30 back today. Receipts also moved across straight away, but there was a booster that wouldn't activate earlier in the week.
  - Matt P on 31/05/2022 - 00:06
    
    The "its not us, you probably were compromised somewhere else" is a scripted response now.
    
    I'm almost certain they've either had a previous breach or an ongoing breach or the theft is internal to woolies.
stoodamire on 02/05/2022 - 19:59

Well I fell victim today.

$50 stolen from Big W Rouse Hill. Other side of Sydney from me.

Gonna call them up tomorrow morning.
- stoodamire on 10/05/2022 - 12:26
  
  Got the $50 back today. Pretty timely.
R n b on 04/05/2022 - 19:48

+3

Just now, iam from Adelaide and someone from doncaster used my $700 plus rewards, reported reward team, they said they gonna investigate but I don’t know how long it takes??? Compare with flybuys, ER is not much secure as FB has 4 digits pin system plus they need physical card and needs to convert in $$$$ before using. With ER, if someone has your card, pic of that ER card is enough, it doesn’t need pin, no need of physical card and no need to convert into $$$ as well before using card and in receipt it says how much you have balance. That person first tried using $10 rewards then he checked receipt, it was $700 plus so he finished all the balance afterwards.
- Lucky13 on 04/05/2022 - 21:33
  
  They definitely need to fix the problem somehow. Maybe if they could start using a four digit security pin or something similar things might improve. $700 though, I'm impressed you saved so much. That's so disappointing that you lost it all. I hope you get it back.
  - puffinfresh on 05/05/2022 - 10:35
    
    +1
    
    Even the ability to limit it to certain stores, or at least your own state, would be helpful.
  - R n b on 07/05/2022 - 10:52
    
    Is that so much hard for these type of “ giant” companies to make card more secure like set 4 digits pin ????
    - DoctorCalculon on 10/05/2022 - 20:57
      
      It is not hard. They just haven't prioritised the work.
      
      You might notice they are too busy replacing all the checkout terminals with video cameras.
- JIMB0 on 05/05/2022 - 09:40
  
  What did they buy?
  - R n b on 05/05/2022 - 09:59
    
    Lots of toys, rugd, clothes etc in big w and normal grocery in Woolworth…
- kspara on 09/05/2022 - 20:39
  
  I had $480 used up from my account on the 28th April.
  [In SA, but it was used at the Big W, Fountain Gate in VIC]
  The person bought an Apple watch for $549, and paid the balance of $69 with a mastercard (probably prepaid)
  
  Reported it on the 28th and they returned the dollars on Friday 6th May - according to the EDR app. I didn't realise they had returned it till I received a text message from Woolworths today, saying the dollars had been credited back to me.
  
  Hopefully, you won't have to wait so long to get your dollars back.
  - R n b on 14/05/2022 - 19:07
    
    Bit funny and serious same time….my partner”s money was stolen just now from Melbourne too. She saved money for xmas but still they managed to change automatic savings, …..strange thing is they managed to change her email and password but not phone number….
Eldub on 07/05/2022 - 06:44

Just noticed had $40 stolen to buy Baby formula in Highpoint. I live in Queensland
- sub102 on 13/05/2022 - 16:14
  
  Same was bought using mine in Sydney. Where's Highpoint btw? I'm in QLD too
  - Eldub on 14/05/2022 - 07:26
    
    Victoria
Samsungnote10 on 10/05/2022 - 13:16

+1

i vote victoria to be the fraud capital of australia!
- kickling on 10/05/2022 - 13:20
  
  +1
  
  Looks like ADL is a close second
sub102 on 13/05/2022 - 16:11

Had $30 rewards and someone made an exact $30 transaction in Sydney when I'm in QLD. Complained and after some hassle and a change of card number Woolies rewards reimbursed that
Chickenleg on 13/05/2022 - 16:42

+1

Oh man, was linked from the deal thread and have now just realised I’ve had $30 taken a couple of weeks ago. Baby formula, and I’m in Adelaide too. This is something that urgently needs to be fixed!!!
aneil915 on 13/05/2022 - 16:44

+1

My wife had $80 taken too. Lucky Woolworths credited her account with the missing money but something needs to be done to fix this issue.
naruto128 on 13/05/2022 - 20:29

Same here. Lost 80 bucks too. My activity showed the unauthorised purchase in NSW Town Hall station yet I have the card and they did not request a new one. Have they managed to clone the cards? Kept telling Woolies they should require PIN like Flybuys for redemptions.
- puffinfresh on 13/05/2022 - 22:40
  
  +1
  
  There's no need for the card. You can generate the barcode in apps like Stocard.
  - WookieMonster on 17/05/2022 - 21:50
    
    … or you can ask the staff to go into the assisted mode at a self-service checkout and manually type in the 13 digit barcode.
King Tightarse on 13/05/2022 - 22:01

Anyone worked out how they are doing it yet? It is obviously rife
- kickling on 13/05/2022 - 22:48
  
  The raw data has to be coming in from somewhere. And I don't think it is hacked email accounts like WW accuse members, because even with details changed like reissued member numbers, new emails and new phone numbers, it seems to be happening repeatedly to individuals.
  
  My guess is leaked or hacked data from their database. Inside job or a vulnerability not yet discovered.
  
  There's no realistic way a combination of brand new membership number x personal details could be randomly guessed.
  - King Tightarse on 13/05/2022 - 22:51
    
    Right. I am certain it's not hacked email as ww keep suggesting. Inside job sounds quite possible
- Neoika on 14/05/2022 - 09:23
  
  +1
  
  I think this will come to an end as ED Pay rolls out. Once it gets more people on board to use it, you may only redeem $EDR by scanning QR code. In other words, having the card number is not enough to redeem $EDR. You must in a logged-in status in your APP to redeem them.
ady211 on 17/05/2022 - 07:25

Lost $20 couple of days back. Will be calling Woolies seems like someone has cracked code to guess EDR numbers
ATD on 17/05/2022 - 08:27

+1

I had this happen to my account twice last year with new cards inbetween with about $350 in total. I had the points saving for Xmas. WW did credit me back. After the first time I changed my email password as being told that my email was comprimised and got a new EDR account and new password. After the second time (about 6 weeks later), I got another new EDR account, but I no longer bank points and I also no longer have an email associated with the EDR account - just my mobile. I think not having an email associated to the EDR is the significant difference in avoiding your EDR getting hacked (but not willing to test that theory by banking points again). The downside is you no longer get emails from EDR advising point bonuses etc so you have to log in to see whats on offer.
Grale on 18/05/2022 - 12:17

so…..has anyone loaded all their gift cards/bank cards to use Everyday Pay yet??
Xenawarriorprincess on 18/05/2022 - 20:42

Happened to me tonight. 4pm north Melbourne they bought $60.50 of baby formula and took $60 off. The transaction triggered another $10 voucher so then they went to sunshine and at 8.09 they bought $150 of formula and took the $10. This time they used a debit card for the remainder.
- King Tightarse on 18/05/2022 - 21:59
  
  Baby formula comes up as a shopped item a lot. Dodgy parents doing it tough? Overseas baby formula sellers?
  - Chickenleg on 19/05/2022 - 18:21
    
    Helpful WW guy I spoke to on the phone said it’s bought because it’s very easy to sell
  - DoctorCalculon on 19/05/2022 - 20:25
    
    +1
    
    Overseas baby formula sellers
    
    Most likely daigous.
    
    It is a lot common to see them at Chemist Warehouse. Staff tell them off regarding limits. But they come back with someone else to buy.
  - Samsungnote10 on 19/05/2022 - 20:33
    
    Mine have been
    
    Nappies
    Baby formula
    Lego sets
    Nintendo games
nightfever on 19/05/2022 - 20:31

Omg this happened to me today and I was left shell shocked!! It’s baby formula as well! They took my hard earnt $30 rewards dollars 😭😭😭
coxymla on 25/05/2022 - 13:40

Just noticed that I was a victim last month, I had $30 in rewards dollars from the bonus points offer on Wish gift cards.
- coxymla on 25/05/2022 - 14:33
  
  15-20 mins on hold, got someone, they love to blame your account being compromised and tell you to change your email password despite not needing any of that to redeem dollars.
  - King Tightarse on 25/05/2022 - 17:21
    
    +1
    
    Yes that is complete bull and they probably know it. The hackers are not going in through email, also it requires knowledge of TWO password methods to change from 'Christmas' to 'Money Off Shop' eg it requires password + email code or sms to your phone.
    They are just so full of shit
    - DoctorCalculon on 29/05/2022 - 09:37
      
      If you read previous stories on this thread, there are lots of reports where these thieving scumbags are able to turn off Bank for Xmas.
      
      It is one thing to guess the barcode to redeem the points, but how are they able to switch off this setting without hacking into the account beforehand?
dohye1004 on 26/05/2022 - 13:42

+1

$140 stolen on my account too. It seems someone in diffrerent state knew exactly how much credits to use.
** Transaction #1. Spent exact $100 on grocery
** Transaction #2. Spent rest of my ER credits with 10% discount on A2 milk powder.

I discovered that if someone (somehow) knows my login detail, they can access my card detail without 2FA (Under My account -> Cards & accounts -> Primary card shows full 13 digit card numbers with my full name unlike FlyBuys). These details were no longer availalbe after the operator reset my membership number and re-login to the website. (Majority details are now hidden with ***)

I strongly believe there's a flaw in their system where required updates were not applied to all accounts hence full card numbers are still availalbe without 2FA.

Anyway I reset my account password and waiting for EDR team to finalise their investigation on this.
clover on 27/05/2022 - 21:28

How to make WW acknowledge the problem? ACA? Got an email saying multiple attempts logging into my account but failed. I only have gift card but no EDR. Doesn't seem like I have lost anything though
puffinfresh on 02/06/2022 - 14:38

+2

I just got this email from Big W.

Dear Valued Customer,

At BIG W, your privacy is our priority and we have robust security measures in place to safeguard your information and actively monitor for any suspicious activity. During these routine checks, we found some suspicious activity which we are confident originates from outside BIG W. Whilst we have investigated the activity, we wanted to inform you that your login details have been accessed and used to login to your BIG W online account without your permission. The personal information you have shared with BIG W, such as your name and contact details, may also have been viewed. Information on how to safeguard your personal information is included in this email.

Rest assured, we have secured your BIG W account and we ask you to reset your password as a matter of priority, if you have not already done so. To reset your password, please visit Forgotten Password. Once you have reset your password, you can relink your Everyday Rewards card and we have included information on how to do that in this email.*

It goes on with "How to safeguard your personal information" and "Linking your Everyday Rewards card to your BIG W account"

We apologise for any inconvenience this may have caused and will continue to take all measures to protect your account and communicate with you when required. Please contact us if you have any further questions.

Best regards,
Pejman Okhovat
Managing Director, BIG W*
- bamzero on 10/06/2022 - 14:57
  
  Legit or phishing? Any time an email starts out with "Dear Valued Customer" always seems pretty phishy to me (signing off with Managing Director details always a nice touch too)
  - aneil915 on 10/06/2022 - 15:18
    
    I got it too. It's legit. I tried to login to my big W account after going directly to the Big W website from Google and I had to reset my password to login.
kickling on 10/06/2022 - 15:05

Got an attempted password reset email… Reward team immediately reissued a new card number and I had to reset my password.

Nothing got stolen. Dollars are locked for Xmas.
tajid on 26/06/2022 - 07:21

Just realised $30 of my reward dollars were used in QLD last week and I’m in NSW.
haydoz on 26/06/2022 - 10:45

Noticed last night that $20 was taken from my account and used at a petrol station (the second $10 had only just been added after I had shopped on Friday).

Just phoned up and was given a new card number and a password reset. The $20 should (hopefully) be back in my account soon.
sunaus on 29/06/2022 - 11:59

Just realised $30 of my reward dollars were used in VIC yesterday and I’m in NSW.
Ocker on 29/06/2022 - 18:23

+7

This has got to be one of the longest running scams that has not been effectively stopped by the affected company (Woolies)
From memory I first raised this scam on OZB about a year ago and it still continues.
capslock on 04/07/2022 - 12:55

+1

I got done for $100. They stole it the very next day after I switched from christmas dollars to money off next shop. I reported it to the rewards team but its been a couple of weeks now and no reimbursement so I'm not sure if they will reimburse me.

Not everyone posting on this thread seems to come back to say if they got reimbursed or not.
- Yola on 04/07/2022 - 17:30
  
  I think they do get reimbursed. You may need to follow up.
  - R n b on 05/07/2022 - 09:34
    
    +1
    
    They took 7 weeks and 3 calls and finally got all the points back with 2000 goodwill bonus points.
- tajid on 05/07/2022 - 14:53
  
  +1
  
  $30 of mine got reimbursed on the same day of the call.
  $40 more after I chatted as they seemed to have missed it (the same day of contact).
Samsungnote10 on 05/07/2022 - 15:32

+1

my account since EDR locked me out of it for safety purposes, the $$$ has not been compromised ,but I still get a password reset request, every 2 weeks or so

so the irony, is it seems like scammers have access to my account, but I dont
- Yola on 06/07/2022 - 08:24
  
  Bizarre.
gstfree on 13/07/2022 - 00:25

+2

$50 ER gift balance stolen for purchase A2 Stage 2 Formula 900g Qty 2 @ $38.00 each @ NSW. The monthly 10% promotion was also stolen.
The thief tried my card again next day for purchase the same A2 formula @ NSW, but I didn't have any point left in my account.

Some notes:
1. The $50 was stolen 2 days after I purchased giftcards with bonus points.
2. I rarely shop in store. I only go into store no more than 3 times a year.
3. I am not sure if my password was compromised, but I didn't receive any suspicious email or SMS for codes.
4. The receipt shows the thief paid the remaining balance using QC GIFT CARD SAVING

How the thief knew I have reward points from gift card purchase? I feel it is more likely data security issue from Woolworths side.
tharlow on 15/07/2022 - 19:17

The best ways to protect your Everyday Rewards dollars:
1. use them immediately
2. don’t shop at Woolies in the first place

Oh — I got the order wrong!

https://my.woolworthsrewards.com.au/sf/CNA-5938/CNA-5938-D.m…
kalithreaver on 19/07/2022 - 11:41

+3

Its crazy this is still going on. It has to be tens of thousands of dollars scammed by now. All they need to do is assign a better auth system. like you have to put a pin on the balance to use it like coles does.
JIMB0 on 20/07/2022 - 23:19

+1

It's made the news again. Same old response from Woolworths.

https://7news-com-au.cdn.ampproject.org/v/s/7news.com.au/lif…
- bamzero on 21/07/2022 - 10:08
  
  It's not us, it's you.
  
  “In the cases reported to us, accounts have been accessed using valid login or account details.
  
  We’ve found no evidence to suggest our IT systems have been breached or compromised in any way.
  
  This indicates fraudsters have likely obtained these members’ login credentials and account details from online scams or other sources.”
- Matt P on 23/07/2022 - 13:55
  
  +6
  
  Story has been regurgitated onto a few other outlets now too.
  
  The more you read, the more this HAS to be an inside job within the organisation that administers the rewards program.
  
  Amount stolen is almost always more than $10 which indicates that they're able to look for accounts with higher balances with somewhat ease.
  
  Almost always the same products which suggests the people doing this are probably somewhat connected
  
  Total transaction amount is very close to the balance which means there is prior knowledge of your balance/points
  
  WW could easily track these people down with the sheer volume of cameras in store. They know the time and place the fraud was committed. The only way it could be different people each time would be the "collection" of the loot being farmed out to bodies in exchange for some kind of financial reward under some guise of a legitimate business (buy milk powder to send overseas to my family, i'll pay you with cash, just use my rewards card to pay for it as i'm overseas and can't do it myself etc..)
  
  I reckon given the inaction on it, WW have to be investigating and letting it continue to build evidence.
  
  Of course, this is all my own conspiracy theory haha
  - Ocker on 25/07/2022 - 15:24
    
    +2
    
    When I first posted on this issue many moons ago I mentioned that only checking my account, the funds in my account was about $8.00 short of the transaction amount so the person charged the difference to a bank debit card.
    I would have thought this sufficient to track the person.
    - King Tightarse on 26/07/2022 - 20:22
      
      +1
      
      Yes it would.
      Perhaps the amounts are too small to get the cops involved and a court order to release the info?
      I am 100% down with it being an inside job or a very smooth hack job. It is strange to watch Woolworths PR people release these statements but obviously completely miss the leak or flaw in their system every time. Then have the audacity to actually blame the victims!
      No way is it users being coerced into handing over passwords or any of the bull-shit suggestions they have come up with.
      Always larger amounts, so often the same items being bought (baby formula which can be easily sold on)
      - Grale on 01/08/2022 - 16:00
        
        @King Tightarse: someone beat me to it and used it for a Switch OLED…
Shoppingisfun on 25/07/2022 - 14:52

This may already have been mentioned but best way to avoid this happening is moving your dollars into the "save for Christmas" option.
If you want to use them before then you can just transfer them out just before using at the register.
I had points stolen twice but since I've done this I have been ok.
Was suggested by ER customer service :))
- King Tightarse on 26/07/2022 - 20:27
  
  +3
  
  Sorry to say but there are plenty of examples here of people having their money moved over to "shop" and then spent
  - DoctorCalculon on 01/08/2022 - 08:57
    
    Yep. All it does is slows down these thieving bastards by a minute or so. They still manage to spend all your saved RDs.
thib on 27/07/2022 - 12:29

+1

I got the reward of 30$ and its gone next day:)) im living in Tas and the theft was in NSW

When i saw i got 30$ so i want to save it to bank xmas because i known i will lost the money but that system not avail yet, after 1/12/2022 then same sh!t happened

Its not the 1st time, its happened before with my previous card and i replaced with the current one, still got hacked,

I closed my account and not use ER anymore. I read that happened 1 year ago but dk why WW not fix that early.
lgacb08 on 30/07/2022 - 17:05

+2

Just realised I got hacked to, someone used my account and stole $20 plus 10% discount for the month. Can't believe woolies left this running uncheck for that long.
SR129 on 01/08/2022 - 16:25

+5

My account just got hacked and they charged $200 to my bank card! Didn't even steal the rewards points as I have them saved for Christmas, it was $200 taken from my bank account. They went to the same store I was at about 90 minutes earlier. DO NOT LINK ANY BANK CARDS TO EVERYDAY PAY. Someone stole my rewards card details a few months ago and used my points and I cancelled that card and got a new one and even changed the password and have 2FA. I've lodged it with Woolworths and they said they'll look into it and get back to me in 3-5 business days, so we'll see how we go… But again, DO NOT LINK YOUR BANK CARD TO EVERYDAY PAY!!!
- Yola on 01/08/2022 - 17:48
  
  +1
  
  Wow they have done nothing about points being stolen for years. But this is the first time I read about money being taken from a bank account. Surely this is a criminal matter. Did you report it to Police? Everyday pay has been introduces only recently you would think they would ensure its secure. Maybe this mess is the result of them continually denying that the problem is at their end. If they really believe that maybe they are not doing anything to fix it. Well I guess they are not because it has been talked about on here for nearly 12 months and it does not take that long to fix.
- King Tightarse on 01/08/2022 - 18:23
  
  Woah thats a new one - they can actually get to your bank account via everyday pay?
  Right, well I am never going to use that then
SR129 on 01/08/2022 - 18:24

Sorry I should've said they bought $200 worth of groceries using my everyday pay as I had my debit card linked to it. I've contacted the non-urgent police line and am currently waiting for a call back and also called my bank to see if they could stop the transaction as it's currently a pending transaction. But the bank said I have to lodge a dispute and then it could take them up to 60 days to review it and reimburse me if they find it in my favour. The person I spoke to on the Woolworths helpline didn't seem very interested either and sounded like he was a bit spaced out… I hope he lodged my dispute properly…

Stolen Woolworths Reward Dollars from Account

Related Stores

Comments

New Forum Topics