16,000 Nectar points stolen this morning

y3sitsm3

pinkshoes said:

Did you have a secure password for the account? 

Have you contacted the Brentwood Argos store to request CCTV from the time of purchase? Did you contact the police on 101 regarding the theft?

I have no idea how much 16000 points equates to.

It would be a breach of the DPA to give the OP a copy of the CCTV footage with someone else on it.

RageinEden

Well I've just come back from my local Sainsbury's to see my points a lot down on Wednesday.  Somebody has used my 11k points for fuel at the Sainsbury's in Castle Vale.  I had to look it up - Birmingham, 100 miles away.  I was at work in Manchester on the day, all day and I have never even been to Birmingham.  Chat not on Sunday, FB said tweet, twitter no response. 9 am tomorrow morning it is then!  

MollyR

I had nearly 60,000 points stolen from me in November last year, spent somewhere in London.  It had to be either somebody at Nectar itself or somebody at Sainsbury's, since I never used the Nectar account for anything else, and the card never left the house (I shopped online at Sainsbury's).  It took about three months, and an awful lot of pressure, before they refunded my stolen points - it didn't help that they made me close down the account and open a new one, and then could not refund points to the new account!  They did make an ex gratia payment of £10 worth of points when they finally refunded me, but it really did not compensate for the hassle, all of which was entirely their fault.  So all I can advise is that you settle down for a long haul, and keep the pressure on them until you finally get your money back.

RageinEden

MollyR said:

  So all I can advise is that you settle down for a long haul, and keep the pressure on them until you finally get your money back.

Oh I am more than ready for the long haul as I've been reading various posts about this.  Well I can go full Margo Leadbetter (The Good Life) if required...... thanks for the info though.... 

RogerBareford

MollyR said:

I had nearly 60,000 points stolen from me in November last year, spent somewhere in London.  It had to be either somebody at Nectar itself or somebody at Sainsbury's, since I never used the Nectar account for anything else, and the card never left the house (I shopped online at Sainsbury's).  It took about three months, and an awful lot of pressure, before they refunded my stolen points - it didn't help that they made me close down the account and open a new one, and then could not refund points to the new account!  They did make an ex gratia payment of £10 worth of points when they finally refunded me, but it really did not compensate for the hassle, all of which was entirely their fault.  So all I can advise is that you settle down for a long haul, and keep the pressure on them until you finally get your money back.

It's more likely that you inadvertently gave out your details online in a phishing attempt and that's how they got access to the account.

debsy42

I forgot to update the outcome, we were contacted by Nectar (after a nice chap from MSE contacted us to ask if they could help) and had all our missing points reinstated and new cards issued. I'm still none the wiser how our card number came to be compromised, I don't have a physical card as it's stored on my phone, certainly no phising mishaps from our end.

MollyR

RogerBareford said:

It's more likely that you inadvertently gave out your details online in a phishing attempt and that's how they got access to the account.

No, it is absolutely impossible, and in fact I do rather take exception to your allegation.  I am a retired computer professional, and I have probably seen and advised clients on more types of scam than you have had hot dinners.  Besides, as I said, this Nectar card was only ever used (1) to accept the transfer of British Airways Avios and (2) to spend the points online at Sainsbury's.  In such circumstances one would have to be extraordinarily stupid to think that a random e-mail from a dodgy address asking one to visit an unknown web site and enter one's details for no logical reason was actually something kosher.

jon81uk

MollyR said:

RogerBareford said:

It's more likely that you inadvertently gave out your details online in a phishing attempt and that's how they got access to the account.

No, it is absolutely impossible, and in fact I do rather take exception to your allegation.  I am a retired computer professional, and I have probably seen and advised clients on more types of scam than you have had hot dinners.  Besides, as I said, this Nectar card was only ever used (1) to accept the transfer of British Airways Avios and (2) to spend the points online at Sainsbury's.  In such circumstances one would have to be extraordinarily stupid to think that a random e-mail from a dodgy address asking one to visit an unknown web site and enter one's details for no logical reason was actually something kosher.

Its nothing to do with the physical Nectar card or the card number.

Have you used the same password and email combination on more than one website?
Its often likely that one less secure website got cracked and then scammers used that email/password combo to get into other sites.

I had my Papa Johns pizza account hacked this way as I'd used the same password on hundreds of sites.

born_again

MollyR said:

RogerBareford said:

It's more likely that you inadvertently gave out your details online in a phishing attempt and that's how they got access to the account.

No, it is absolutely impossible, and in fact I do rather take exception to your allegation.  I am a retired computer professional, and I have probably seen and advised clients on more types of scam than you have had hot dinners.  Besides, as I said, this Nectar card was only ever used (1) to accept the transfer of British Airways Avios and (2) to spend the points online at Sainsbury's.  In such circumstances one would have to be extraordinarily stupid to think that a random e-mail from a dodgy address asking one to visit an unknown web site and enter one's details for no logical reason was actually something kosher.

Remember how BA site was compromised?
Hackers added another invisible layer in the payment process that compromised details.

No one was pointing a finger at you. Working in a fraud team, you would think that no one would ever succumb to fraud. Sadly they do, as these fraudsters are good at what they do. Someone could have bought a list of nectar card numbers, just the same as they do with credit/debit cards. Which would easily be possible from online purchases where the card details are entered & stored.
Fraud can & will happen to anyone, no matter what your background is. 👍Been there done that got the t-shirt 😢

RogerBareford

MollyR said:

RogerBareford said:

It's more likely that you inadvertently gave out your details online in a phishing attempt and that's how they got access to the account.

No, it is absolutely impossible, and in fact I do rather take exception to your allegation.  I am a retired computer professional, and I have probably seen and advised clients on more types of scam than you have had hot dinners.  Besides, as I said, this Nectar card was only ever used (1) to accept the transfer of British Airways Avios and (2) to spend the points online at Sainsbury's.  In such circumstances one would have to be extraordinarily stupid to think that a random e-mail from a dodgy address asking one to visit an unknown web site and enter one's details for no logical reason was actually something kosher.

I think you overconfidence will be your downfall if you feel it's "abolutely impossible".

I don't think you know as much about this as you think because it wouldn't be from a "dodgy adresss" necessarily they could quite easily spoof a genine looking email. So if your relying on seeing an email from a "dodgy adresss" but it's actually a spoofed genuine email address then that could quite easily give you a false sense of security for a start.

Just because you were a "computer professional" doesn't mean you know everything and things change fast in the computer world so it's easy to become out of date even if you were the worlds leading expert in the internet.