We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Tesco Clubcard fraud - online vouchers stolen
Comments
-
Hi Just had the exact same message. i tried logging on to my account online as like you i didn't want to follow the link.
My account was blocked but i just reset my password, using the forgotten password link. My vouchers are still there.:beer:I am a Travel Agent My company’s ABTA numbers are P6928 MSE doesn't check my status as a Travel Agent, so you need to take my word for it. ATOL numbers can be checked with the civil avaiation authority. This signature is here as I follow MSE's Travel Agent Code of Conduct.0 -
"Tesco has revealed the cause of a spate of Clubcard vouchers stolen, after MSE highlighted the problem..."Read the full story:
Tesco Clubcard fraud victims urged to change passwords
Click reply below to discuss. If you haven’t already, join the forum to reply. If you aren’t sure how it all works, read our New to Forum? Intro Guide.0 -
"Instead, it says fraudsters accessed Clubcard accounts using the correct username and password, most probably sourced from somewhere else online, where customers have the same log-in details (see our Stop Scams, Id Fraud Protection and Free Anti-Virus Software guides to stay protected). "
hmmmm..............0 -
Have people been using the same log in details somewhere else?
I've never heard this before, maybe it's a new system used by scammers.
Unless it's just Tesco trying to shift the blame to users.0 -
Just had an email overnight, someone had changed by email address and had then ordered air miles with my reward vouchers. Have emailed tesco to get them to stop the order as it couldn't be done on line0
-
terra_ferma wrote: »Have people been using the same log in details somewhere else?
I've never heard this before, maybe it's a new system used by scammers.
Unless it's just Tesco trying to shift the blame to users.
No proof, but I imagine many of us use our email address and then just replicate the same password for every log in we have. That's usually the way the scammers & fraudsters work. Once they have your email address and a password that works on one site, they simply try the same details for everything. This is part of the reason why bank log-ins are generally not simply your email address and a password.
use a strong password - alpha, numeric, upper case, lower case and some symbols.Warning ..... I'm a peri-menopausal axe-wielding maniac
0 -
terra_ferma wrote: »Have people been using the same log in details somewhere else?
I've never heard this before, maybe it's a new system used by scammers.
Unless it's just Tesco trying to shift the blame to users.
http://www.telegraph.co.uk/technology/news/6922207/Almost-16-million-use-same-password-for-every-website-study-finds.html46 per cent of British internet users, 15.6 million, have the same password for most web-based accounts and five per cent, or 1.7 million, use the same password for every single website.0 -
Top 25 most frequently used, and hence guessed, passwords of 2012
Be afraid, be very afraid...1 password
2 123456
3 12345678
4 abc123
5 qwerty
6 monkey
7 letmein
8 dragon
10 baseball
11 iloveyou
12 trustno1
13 1234567
14 sunshine
15 master
16 123123
17 welcome
18 shadow
19 ashley
20 football
21 jesus
22 michael
23 ninja
24 mustang
25 password10 -
Have just seen this thread. Can I check, all who've lost Clubcard vouchers, did you all find that your password wasn't letting you in and select 'forgotten password'?
It's possible that you've had something downloaded to your computer that's made this happen. When you load the normal Tesco clubcard site, it's actually a 'fake' site which loads in its place. It looks the same, the domain is the same, there's no clue that you're ANYWHERE other than the Tesco site. You type your username and password, THEN you get the 'password not recognised' message. By then, you've already given your username and password to the person collecting the data. What happens afterwards is that they'll access your account, change the details, and by the time you regain access your account's been compromised.
You've not accessed a dodgy link through an email on this occasion - you've typed the web address in, and you're STILL not on the right website.
I was once using an office PC to access my bank on my lunch break. I noticed that instead of asking for 'digits 2, 5 and 6' of my password, for example, it was asking for the full password. Everything else looked the same, but it rang alarm bells. That evening I accessed my bank fine from home, but the following day it was the same in the office. I called over the head of the tech department who had never seen it before, but agreed with me that something was wrong. He spent a day running intensive virus checks, but nothing was showing. In the end, the PC had to be taken away and I was given a new one as NOTHING could be found. But, I'd accessed the bank myself by typing in the web address. Very savvy colleagues saw what was going on and admitted that THEY wouldn't have assumed it was dodgy - they either wouldn't have noticed, or would have figured it was a change in the security system. There were no other signs.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.3K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.7K Spending & Discounts
- 244.2K Work, Benefits & Business
- 599.3K Mortgages, Homes & Bills
- 177.1K Life & Family
- 257.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards