In recent months, scammers have fraudulently redeemed points from around 130 Woolworths Rewards member accounts. Following internal investigations, the supermarket giant found no evidence to suggest its systems have been breached or compromised.
In all cases, Rewards accounts have been accessed with valid login and password details, which indicates that fraudsters obtained login credentials from online scams or other sources.
Woolworths has taken the precautionary step of locking down hundreds of additional Rewards online accounts with suspicious point redemptions and is contacting members who have had their account locked down. All fraudulently redeemed points will be reinstated to members in full.
Woolworths’ internal investigations team is continuing to gather relevant information on these cases and will advise relevant state and territory law enforcement agencies as appropriate.
Woolworths has also introduced new measures to better protect members’ accounts. These include a unique One Time Code, which will be sent to a member’s email address if they wish to change point redemption preferences.
Members will now receive immediate notification via email if their stored redemption preferences are changed. Passwords will be stronger, with at least 8 characters, a number, and upper and lower case characters required. A new tool has also been introduced to show customers how strong or weak a password is as they enter it, and a new online security FAQ for customers has been launched on the company’s website.
A spokesperson for Woolworths said: “We value the trust of our members and take our responsibility to uphold the security of their accounts seriously. It’s clear fraudsters are becoming more sophisticated in the ways they target users online and our members are unfortunately not immune to these threats.”
“That’s why we’ve put in place a range of new account security controls to help our members keep their accounts more secure. As always, we encourage our members to remain ever vigilant of online scammers and to keep their accounts as secure as possible with strong and unique passwords.”