What to do - think Android phone may have been compromised (accounts hacked)?

B0bbyEwing

Hacked may be the wrong term but I don't really care about arguing over terminology, I just want this sorted. 

Recently I discovered suspicious activity on my Nectar account. Story short someone had cloned my card (there's 2 linked to my account but it was my card they did not the other) & spent over £100 of points. I never use the physical card, only the app. 

This morning I wake to find a notification about a spend at a supermarket at almost midnight last night. Strange on 2 counts - 1) our local supermarket is closed at that time of night and 2) I was in bed asleep. 

So put the Nectar incident together with my bank incident & I'm thinking someone has somehow gained access to my (Samsung Galaxy S24) phone. 

So what to do now? 

One thought is to totally erase the phone & restore from backup but
1) will the backups store whatever they've implemented to hack my phone so we'll be back to square 1?
2) does it restore photos as well or just apps/settings? 

I have a password manager on my phone so wondering if this has also been compromised. 



So yeah not sure of best course of action.

In case it matters because of how it's accessed... 

The bank is Chase. I access almost always via biometrics. 

I also pay in stores via Samsung Pay.


Edit to add - sorry had just woken up so more info 

This matches exactly a transaction from Sunday at the same supermarket. When I came to pay I never got a payment declined message or anything like that where I had to make 2 attempts to pay - I paid normally. 
If I go in to my Samsung pay (I use Curve through Samsung Pay) then the transaction is only listed once - on the Sunday, which is correct. 

Chase tell me they basically can't tell me anything I don't already know. So I've to contact Sainsburys & hope they can tell me more. 

Mark_d

It is highly unlikely your phone has been hacked.  Even if you did accidentally install a malicious app on you phone, security built into android would prevent this app from interacting with other apps or data stored on your device.

There have been many cases where people's nectar points have been spent without their knowledge, at stores hundreds of miles away.  There is clearly a weakness in nectar's security and for this reason I spend the nectar points as soon as I earn then.

My advice is to use strong passwords for all your accounts and use a different password for each account.  Use two factor authentication wherever possible.  Change the password to any account you feel may have been compromised.

If you've not already reported the theft of nectar points to the police then I suggest you do so.

flaneurs_lobster

Chase were doing maintenance over last weekend so it could be that you are just seeing a transaction that had been "queued" for action after this had completed.  .

In the absence of any other suspicious activity it doesn't sound like your phone has been compromised.

Since you're using a password manager it's to be assumed you have strong distinct passwords for your Nectar, supermarket, bank etc apps & accounts. 

Nectar points can be spent in store by the simple cloning of the barcode, in other words if someone has your number and access to a printer then they can spend your points, no other security involved. Same with Boots Advantage points.

Here's a recent thread.

https://forums.moneysavingexpert.com/discussion/6527825/nectar-not-returning-points-after-fraud

B0bbyEwing

Thanks for the responses.

Regards the maintenance - I wasn't aware but this isn't showing as pending, it's a processed debit. 
Unless I'm misunderstanding you? 

Regards the police - will they even be interested? 
Slightly off topic but there's been a recent surge in bike thefts & burglaries in the area. People locally have reported going to the police with home CCTV footage clearly showing the faces of those who are doing it and report of the police being "not interested" and "doing nothing" - over something more serious than spent Nectar points. 

Currently in the hands of Chase & the supermarket to determine whether it's a duplicate or separate spend. 

Sarahspangles

B0bbyEwing said:

Thanks for the responses.

Regards the maintenance - I wasn't aware but this isn't showing as pending, it's a processed debit. 
Unless I'm misunderstanding you? 

Regards the police - will they even be interested? 
Slightly off topic but there's been a recent surge in bike thefts & burglaries in the area. People locally have reported going to the police with home CCTV footage clearly showing the faces of those who are doing it and report of the police being "not interested" and "doing nothing" - over something more serious than spent Nectar points. 

Currently in the hands of Chase & the supermarket to determine whether it's a duplicate or separate spend. 

To clarify, have you got two identical transactions that are reducing your balance? I have had that, though rarely, in the past with a different provider, and one of them has been quickly removed before I have reported it. I assume there is a reconciliation process that picks up these glitches.

‘Constant vigilance’ is wise though.

We also had the same issue with £100 Nectar spend and it was refunded without any fuss. At the time, and I don’t know if this has since changed, you could only spend points in a Sainsbury’s store if you had previously shopped there. This protection had been overridden in addition to the fraudster having the details of a card holder with larger points value. Nectar presumably know that they have a problem and aren’t fixing it.

Mark_d

B0bbyEwing said:

Regards the police - will they even be interested? 
Slightly off topic but there's been a recent surge in bike thefts & burglaries in the area. People locally have reported going to the police with home CCTV footage clearly showing the faces of those who are doing it and report of the police being "not interested" and "doing nothing" - over something more serious than spent Nectar points.

This is about following process.  You need to record the crime with the police, so that the issue is treated as theft.  If it is not treated as theft, Sainsbury's/Nectar won't take action and get you your points back.

You can possibly report the theft to the police online.  The police won't do anything more than issue you with a crime number - but that's all you need from them.

B0bbyEwing

Well rather annoyingly Chase still don't display a running balance but yes I have a transaction on Sunday for say £12.34 which I DID make at Sainsbury's in the morning and then an identical £12.34 on Monday just before midnight in to Tuesday at Sainsbury's also which I did not make. 
Mondays entry doesn't show as pending or anything like that. It's actually processed as though I've spent that amount at that store at that time on that day. 


Out of curiosity, how do these scammer get your nectar card details? I only earn mine and spend mine in Sainsbury's & these days it's via the Nectar app on my phone. The physical card stays at home. 
Do they just try a load of numbers until they create a valid card or something?

They spent over £150 of my points according to Nectar. I only noticed by chance as I don't usually look at my balance. The other week I saw it was like £20 when it should've been nearly £200. Thankfully Nectar acknowledge it & are sorting it. 

B0bbyEwing

Mark_d said:

B0bbyEwing said:

Regards the police - will they even be interested? 
Slightly off topic but there's been a recent surge in bike thefts & burglaries in the area. People locally have reported going to the police with home CCTV footage clearly showing the faces of those who are doing it and report of the police being "not interested" and "doing nothing" - over something more serious than spent Nectar points.

This is about following process.  You need to record the crime with the police, so that the issue is treated as theft.  If it is not treated as theft, Sainsbury's/Nectar won't take action and get you your points back.

You can possibly report the theft to the police online.  The police won't do anything more than issue you with a crime number - but that's all you need from them.

You say that I need to report it to the police to log it as theft & pretty much that's the only way I will get my points back. 

Granted that's not word for word what you said but that's how I read it. 

Just to clarify - I contacted Nectar via Twitter, asked them to look at my account & they said they're giving me my points back. 

Without the involvement of police. 

RumRat

It's pointless contacting the police because you don't yet know what happened. The bank and Nectar will reimburse if there is any doubt it was you who made the transaction.
I doubt there has been any hacking of the phone. If there had been, they wouldn't have just bothered with Nectar points and a few quid from the bank.
We'll await outcome from the bank and Sainsburys.
I found the fraud dept at Chase very helpful when sorting something out for my daughter.

B0bbyEwing

I've had a look & Saturday's purchase has been marked as complete.
Sunday's & this rogue one are marked as pending.
So in theory this one I'm questioning should be resolved one way or another by tomorrow at the earliest but maybe more Thursday.

Chase told me that it was my virtual card that did it & story short there's no way at all it could've been used without my physical phone. Apparently it's impossible to hack this. 

Whether that's accurate or not I've no idea. I doubt much is 'impossible' to hackers but maybe unlikely would be more accurate.

Either way I'll sit tight & see how things pan out.

RumRat

I take it you have changed the passwords to both the bank and Nectar? Always wise if there is the slightest inkling, however remote, of someone breaching the account.