Sainsbury’s Rewards Program Targeted by Malicious Actor for Monetary Gain


Executive Summary

Users of the Nectar loyalty program run by the UK grocery and retail chain Sainsbury’s are being warned about a surge in points theft, with one customer recently reporting the loss of two years’ worth of saved points. This follows an earlier investigation that found £63,000 worth of Nectar points had been stolen from readers over the course of a year, which prompted Nectar to introduce a “lock” feature for all accounts. While Nectar maintains that only a small proportion of accounts are affected by fraud and that measures such as the “Spend Lock” are in place, the recurring incidents point to ongoing weaknesses in account protection and to a targeted campaign against a large European firm.

Analysis

The primary fraud technique identified is unauthorized access to Nectar accounts followed by redemption of the stored points. This suggests that threat actors are most likely using credential stuffing, phishing for login details, or exploiting weaknesses in Nectar’s account security to gain access. Reports of points being redeemed at locations the customer has never visited indicate that, once an account is accessed, the stolen points are monetized quickly. The timing of the incidents, particularly in the run-up to Christmas, suggests criminals are capitalizing on periods when customers accumulate points and are less likely to notice that their balance has been spent. Cybersecurity experts are therefore urging customers to monitor their accounts closely, especially during peak spending seasons such as Christmas, when accumulated points are a frequent target.
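The indicators the analysis describes (redemptions at unfamiliar locations, a balance drained shortly before the holidays, a customer-enabled spend lock) translate directly into account-monitoring rules. The following is an added example, not code from Nectar or Sainsbury’s: it runs a small rule set over constructed redemption events for one hypothetical account and returns the events a fraud team would want to block or review. Store identifiers, point values, thresholds and timestamps are all assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Account:
    account_id: str
    balance: int                  # points held before the events are applied
    familiar_stores: frozenset    # stores this customer has redeemed at before
    spend_lock: bool              # customer-enabled lock: any redemption is suspect


@dataclass
class Redemption:
    store_id: str
    points: int
    when: datetime


DRAIN_RATIO = 0.8                 # one spend using >= 80% of the balance is unusual
BURST_WINDOW = timedelta(hours=1) # several redemptions inside an hour is unusual


def review_redemptions(account, events):
    """Return [(event, reasons)] for every event that trips at least one rule."""
    findings, balance, recent = [], account.balance, []
    for ev in sorted(events, key=lambda e: e.when):
        reasons = []
        if account.spend_lock:
            reasons.append("spend_lock_active")
        if ev.store_id not in account.familiar_stores:
            reasons.append("unfamiliar_location")
        if balance > 0 and ev.points >= DRAIN_RATIO * balance:
            reasons.append("balance_drain")
        recent = [t for t in recent if ev.when - t <= BURST_WINDOW]
        if recent:
            reasons.append("rapid_redemption")
        recent.append(ev.when)
        balance = max(0, balance - ev.points)   # the events already happened
        if reasons:
            findings.append((ev, reasons))
    return findings


# Constructed sample data (hypothetical account, stores and dates).
SAMPLE_ACCOUNT = Account("acct-0001", 12000, frozenset({"store-0421", "store-0876"}), False)
LOCKED_ACCOUNT = Account("acct-0002", 12000, frozenset({"store-0421", "store-0876"}), True)
SAMPLE_EVENTS = [
    Redemption("store-0421", 500, datetime(2024, 12, 10, 9, 0)),    # normal weekly shop
    Redemption("store-9912", 9500, datetime(2024, 12, 18, 19, 5)),  # unknown store, big spend
    Redemption("store-9913", 1800, datetime(2024, 12, 18, 19, 40)), # second unknown store, 35 min later
]

if __name__ == "__main__":
    for ev, why in review_redemptions(SAMPLE_ACCOUNT, SAMPLE_EVENTS):
        print(ev.when, ev.store_id, ev.points, why)
```

With the spend lock enabled the same events are all flagged as `spend_lock_active`, which is the behaviour the “Spend Lock” feature is meant to guarantee.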
