Tesco warns of Clubcard theft threat

180220131218Tesco is warning members of its Clubcard programme to beware of personal data phishing scams in an email to its loyalty scheme customer base, following reports Clubcard vouchers have been swiped from online accounts.
The retail giant has already called in the police. It is feared the money-off coupons were stolen after miscreants compromised victims’ accounts.
Tesco found out about the missing vouchers, thought to be worth hundreds of pounds, after Clubcard holders complained on Twitter and Facebook, and hit MoneySavingExpert.com.
“We have launched a thorough investigation into a small number of incidents and referred the matter to the police,” a company spokesman said. “In the meantime, we’d like to ask any customers who believe they’re affected to contact us directly on 0800 591688 so that we can make sure their accounts are up to date.”
Customers claimed they discovered their vouchers had vanished after they logged into their online accounts, MoneySavingExpert.com said. Some were told by Tesco’s customer service staff that the coupons had been spent miles away from their homes.
The email missive reads: “The Tesco Clubcard team send out frequent emails to our customers and wanted to make sure you feel comfortable you recognise what is from us, and what could be fraudulent activity.”
The email adds that Tesco “will never email you asking for your personal or security information. For security purposes we send out a number of emails that remind you of actions that you have recently taken. These include changing your address and telephone number and registering or resetting your My Clubcard Account details”.
The move also follows a phishing attack on Facebook, which loaded malware onto many of its employees’ laptops. The social media giant said no user data has been compromised – but hinted that other sites may have been attacked.
Facebook staff fell victim to the campaign known as a “watering hole” attack last month, in which malware was planted on a popular mobile developer website, the company said. The statement, almost hidden under the title “Protecting People On Facebook”, assured readers that no user data had been lost.
Facebook’s chief security officer Joe Sullivan gave details and said other sites may have been affected, and it has been suggested the attack may have had the same source as the recent hit on Twitter which exposed 250,000 passwords.

Related stories
Twitter hack exposes log-in flaw
Twitter rocked by hack attack