Tesco Clubcard fraud - online vouchers stolen



  • Hi. Just had the exact same message. I tried logging on to my account online as, like you, I didn't want to follow the link.

    My account was blocked but I just reset my password, using the forgotten password link. My vouchers are still there.
    I am a Travel Agent
    My company’s ABTA numbers are P6628. MSE doesn't check my status as a Travel Agent, so you need to take my word for it. ATOL numbers can be checked with the Civil Aviation Authority. This signature is here as I follow MSE's Travel Agent Code of Conduct.
  • "Tesco has revealed the cause of a spate of Clubcard vouchers stolen, after MSE highlighted the problem..."
    Read the full story:

    Tesco Clubcard fraud victims urged to change passwords


  • deanos Forumite
    11.2K Posts
    "Instead, it says fraudsters accessed Clubcard accounts using the correct username and password, most probably sourced from somewhere else online, where customers have the same log-in details (see our Stop Scams, Id Fraud Protection and Free Anti-Virus Software guides to stay protected)."

  • hjd Forumite
    1.2K Posts
    deanos wrote: »
    I don't believe it either.. and nor have I had an email from them today.
  • terra_ferma Forumite
    5.5K Posts
    Have people been using the same log in details somewhere else?
    I've never heard this before, maybe it's a new system used by scammers.
    Unless it's just Tesco trying to shift the blame to users.
  • 1jim Forumite
    2.7K Posts
    Just had an email overnight, someone had changed my email address and had then ordered air miles with my reward vouchers. Have emailed Tesco to get them to stop the order as it couldn't be done online.
  • Debt_Free_Chick Forumite
    13.3K Posts
    terra_ferma wrote: »
    Have people been using the same log in details somewhere else?
    I've never heard this before, maybe it's a new system used by scammers.
    Unless it's just Tesco trying to shift the blame to users.

    No proof, but I imagine many of us use our email address and then just replicate the same password for every log in we have. That's usually the way the scammers & fraudsters work. Once they have your email address and a password that works on one site, they simply try the same details for everything. This is part of the reason why bank log-ins are generally not simply your email address and a password.

    Use a strong password - alpha, numeric, upper case, lower case and some symbols.
    Warning ..... I'm a peri-menopausal axe-wielding maniac ;)
  • Wywth Forumite
    5.1K Posts
    terra_ferma wrote: »
    Have people been using the same log in details somewhere else?
    I've never heard this before, maybe it's a new system used by scammers.
    Unless it's just Tesco trying to shift the blame to users.
    46 per cent of British internet users, 15.6 million, have the same password for most web-based accounts and five per cent, or 1.7 million, use the same password for every single website.
  • Wywth Forumite
    5.1K Posts
    Top 25 most frequently used, and hence guessed, passwords of 2012
    1 password
    2 123456
    3 12345678
    4 abc123
    5 qwerty
    6 monkey
    7 letmein
    8 dragon
    10 baseball
    11 iloveyou
    12 trustno1
    13 1234567
    14 sunshine
    15 master
    16 123123
    17 welcome
    18 shadow
    19 ashley
    20 football
    21 jesus
    22 michael
    23 ninja
    24 mustang
    25 password1
    Be afraid, be very afraid...
  • Lagoon Forumite
    934 Posts
    Have just seen this thread. Can I check, all who've lost Clubcard vouchers, did you all find that your password wasn't letting you in and select 'forgotten password'?

    It's possible that you've had something downloaded to your computer that's made this happen. When you load the normal Tesco clubcard site, it's actually a 'fake' site which loads in its place. It looks the same, the domain is the same, there's no clue that you're ANYWHERE other than the Tesco site. You type your username and password, THEN you get the 'password not recognised' message. By then, you've already given your username and password to the person collecting the data. What happens afterwards is that they'll access your account, change the details, and by the time you regain access your account's been compromised.

    You've not accessed a dodgy link through an email on this occasion - you've typed the web address in, and you're STILL not on the right website.

    I was once using an office PC to access my bank on my lunch break. I noticed that instead of asking for 'digits 2, 5 and 6' of my password, for example, it was asking for the full password. Everything else looked the same, but it rang alarm bells. That evening I accessed my bank fine from home, but the following day it was the same in the office. I called over the head of the tech department who had never seen it before, but agreed with me that something was wrong. He spent a day running intensive virus checks, but nothing was showing. In the end, the PC had to be taken away and I was given a new one as NOTHING could be found. But, I'd accessed the bank myself by typing in the web address. Very savvy colleagues saw what was going on and admitted that THEY wouldn't have assumed it was dodgy - they either wouldn't have noticed, or would have figured it was a change in the security system. There were no other signs.
This discussion has been closed.
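
The sequence reported in this thread (a login with the correct password, an email address change, then vouchers spent) is something a service can watch for in its own account logs. The Python sketch below is an added example, not part of any forum post and not Tesco's code; the event names, the 30-minute window, the three-account threshold and the sample log are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, account, source IP, action).
EVENTS = [
    ("2013-03-01T02:10:00", "alice", "203.0.113.7", "login_ok"),
    ("2013-03-01T02:11:30", "alice", "203.0.113.7", "email_changed"),
    ("2013-03-01T02:14:00", "alice", "203.0.113.7", "voucher_redeemed"),
    ("2013-03-01T02:12:00", "bob", "203.0.113.7", "login_ok"),
    ("2013-03-01T02:13:00", "carol", "203.0.113.7", "login_ok"),
    ("2013-03-01T09:00:00", "dave", "198.51.100.20", "login_ok"),
    ("2013-03-01T09:05:00", "dave", "198.51.100.20", "voucher_redeemed"),
    ("2013-03-02T10:00:00", "erin", "198.51.100.44", "login_ok"),
    ("2013-03-02T10:01:00", "erin", "198.51.100.44", "email_changed"),
    ("2013-03-03T10:00:00", "erin", "198.51.100.44", "voucher_redeemed"),
]


def takeover_sequences(events, window=timedelta(minutes=30)):
    """Accounts where an email change is followed by a redemption within `window`."""
    last_change = {}
    flagged = []
    # Fixed-width ISO timestamps sort chronologically as plain strings.
    for ts, account, _ip, action in sorted(events):
        when = datetime.fromisoformat(ts)
        if action == "email_changed":
            last_change[account] = when
        elif action == "voucher_redeemed":
            changed = last_change.get(account)
            if changed is not None and when - changed <= window:
                if account not in flagged:
                    flagged.append(account)
    return flagged


def shared_source_ips(events, min_accounts=3):
    """Source IPs with successful logins to at least `min_accounts` distinct accounts."""
    accounts_by_ip = defaultdict(set)
    for _ts, account, ip, action in events:
        if action == "login_ok":
            accounts_by_ip[ip].add(account)
    return {ip: sorted(accts) for ip, accts in accounts_by_ip.items()
            if len(accts) >= min_accounts}


if __name__ == "__main__":
    print("Hold redemption and notify the old address:", takeover_sequences(EVENTS))
    print("One source, many accounts:", shared_source_ips(EVENTS))
```

Neither rule depends on failed logins, which matters here because the logins described in the thread used the correct password.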