Nectar Point Nabbers scam solved? We discover evidence of secretive groups trading YOUR supermarket rewards points

Economy
By Liam
  • Criminals sell Nectar card details to defraud customers
  • Have your Nectar points been stolen? Contact editor@thisismoney.co.uk

By Angharad Carrick

Updated:

Criminals are using secret channels to sell Nectar card balances to defraud unsuspecting customers, an investigation by This is Money has found.

This year, hundreds of our readers have been contacted about their stolen loyalty points, resulting in thousands of pounds worth of rewards being lost.

Since we wrote an article about another Nectar theft ten days ago, 72 others have contacted us to say that points worth just over £7,800 have been stolen.

In all cases, a common theme emerged: victims have no idea how the points were picked up, while our attempts to get a response from Sainsbury’s are met with a constant wall.

Now we can reveal that criminals are using social media and secure messaging channels to sell data linked to up to 1,000 Nectar accounts at any time.

Nectar scam: Criminals use secret channels to advertise Nectar account codes

We found evidence that criminals were selling codes linked to Nectar accounts through a secret channel on the secure messaging service Telegram.

It raises questions about Nectar’s security system and how secure customer data and balances are.

A Telegram group advertising a ‘replenishment of Nectar codes’ sold 500 accounts in the new database for £45 and 1,000 codes for £350 in the old database, which they say have a higher hit rate.

The idea is probably that at least one or two of the accounts will have a large balance that the criminal can steal.

One message read: ‘Balanced £5+ guaranteed. It could be £5, £500 or £750, however you benefit (sic)’.

It remains unclear how criminals have access to so many account numbers: there are no flash alerts, no stolen cards and no dodgy phone calls.

There are many theories floating around online about account numbers and barcodes, but it remains a mystery.

Criminals post Sainsbury's receipts showing a customer's Nectar points balance

Criminals post Sainsbury’s receipts showing a customer’s Nectar points balance

Jake Moore, global cybersecurity advisor at ESET, told This is Money that the Nectar system “didn’t seem like a very complex system… it’s a numbers-based algorithm.”

Another post on the Telegram channel shows evidence of a small purchase at a Sainsbury’s store.

The account holder’s full Nectar balance is displayed at the bottom of the receipt, meaning criminals can continue to use the account without the legitimate account holder’s immediate knowledge.

The criminals say that once they know the balance, they can “smash the store and pay with Nectar.”

In addition to Nectar credits, the Telegram channel also offers subscribers the opportunity to purchase credits from other major loyalty programs.

Since we first wrote about this issue in January, a flood of readers have contacted us to tell us about their stolen points.

In August we calculated that more than 1 million Nectar points had been stolen from our readers, and hundreds of others have since suffered the same problem.

Despite This is Money publicizing the issue, criminals are becoming increasingly brazen in stealing points.

A cursory look at Nectar’s X account shows that customers receive complaints about stolen points almost every day.

And secret messaging services could be the reason behind the spike in stolen points.

Moore told This Is Money that he had seen many more services, data and illegal products being sold on Telegram.

‘It will be the open web version of the dark web because of the anonymity. It’s a simple place where criminals can sell anything and it keeps people hidden.

‘I don’t see much use for the dark web in illegal material… you have anonymization tools like an app in your pocket, under the guise of Telegram or Discord. You open your market tenfold and can advertise on TikTok or Instagram.”

We contacted Sainsbury’s with evidence that criminal groups were selling customer data.

A spokesperson for Sainsbury’s said: ‘We are working closely with police on this matter and have a range of measures in place to help us detect and in many cases prevent fraud.’

Have your Nectar points been stolen? Contact editor@thisismoney.co.uk

SAVE MONEY, EARN MONEY

Chase checking account required*

3.75% AER var.

Chase checking account required*

3.75% AER var.

Chase checking account required*

Prompt interest rate increase on GB Bank

4.91% fix for 6 months

Prompt interest rate increase on GB Bank

4.91% fix for 6 months

Prompt interest rate increase on GB Bank

No account fees and free stock trading

Free stock offer

No account fees and free stock trading

Free stock offer

No account fees and free stock trading

Flexible Isa now accepting transfers

4.84% cash Jes

Flexible Isa now accepting transfers

4.84% cash Jes

Flexible Isa now accepting transfers

Get £200 back in trading fees

Refund of transaction costs

Get £200 back in trading fees

Refund of transaction costs

Get £200 back in trading fees

Affiliate links: If you purchase a product, This is Money may earn a commission. These deals have been chosen by our editors because we believe they are worth highlighting. This does not affect our editorial independence. * Chase: 3.69% gross. The Ts and Cs apply. 18+, UK residents

Some links in this article may be affiliate links. If you click on it, we may earn a small commission. That helps us fund This Is Money and keep it free to use. We do not write articles to promote products. We do not allow a commercial relationship to compromise our editorial independence.

You might also like More from author