‘My Nectar points were stolen as I watched in horror’ – Inside the surge in loyalty point theft and MILLIONS are at risk

RETIREE Lois Dawkins spent months saving up her Nectar points to spend on her Christmas shop.

But a few weeks before December 25, the 68-year-old, from Exeter, received an email notifying her that her email address had been changed on her Nectar account.

She immediately called Nectar, which advised her to keep an eye on it.

Later that evening, she noticed small amounts beginning to disappear from her balance, but by that time, Nectar's office had shut, so she was unable to stop it happening.

Within two hours, £330 worth of points had been drained from her account, leaving her nothing to fund her Christmas shop with.

“It was so sickening to see it happening before my eyes and there was nothing I could do about it,” she said.

“Thankfully, Sainsbury’s finally refunded my money around the 18th of December because I was so persistent, but I think it’s disgusting that it was so easy for these thieves to steal my points."

Lois is one of thousands of Nectar customers who collectively saw millions of points stolen from their accounts before Christmas.

But experts say this is just part of a growing trend of loyalty cards being targeted by scammers.

The majority of high street chains, supermarkets and even travel providers now offer loyalty schemes with rewards and deals to entice shoppers to choose them over rivals.

Around 97% of all shoppers are members of at least one loyalty scheme, according to recent government data.

But retailer loyalty fraud has risen 89% over the past two years, according to the Forter Fraud index, while a recent report by Mastercard found a 75.7% increase in theft of travel loyalty rewards over the past year.

And The Sun has been flooded with emails from reward account customers who have had their points nicked in recent months.

Experts say thieves have started targeting these accounts because they are less likely to be detected than with regular bank accounts, while security is often more lax, making them easier to break into.

That's how Allan Witherick's reward accounts could be hacked for months without him realising.

Allan, from St Albans, realised in November last year that someone had been regularly accessing his Subway account and stealing his rewards.

He went to check his account in December and was shocked to see points for free subs worth at least £6 each had been repeatedly cashed in at various locations around the country.

“I no longer use Subway after repeatedly having my points nicked," he said.

"They kept telling me it must have been me, even though the card was being used across the other side of the country.

"Then they said my email must have been hacked, but there was no login or anything, just the points used. I stopped using them after that."

Then, he noticed that £100 had been cashed in from his Nectar account as an Argos gift card, which he didn't remember buying.

Sainsbury's eventually agreed to refund the amount, but Allan couldn't understand how his account was even accessed.

A Nectar spokesperson said, “Nectar is one of the UK’s biggest loyalty schemes, with over 23million members. The security of our customer accounts is our highest priority and the proportion of those impacted by fraud each year is very small."

Subway has been contacted for comment.

Huge rise in loyalty scheme fraud

The huge rise in loyalty fraud has gone hand in hand with an increase in the number of loyalty schemes available.

But experts say loyalty schemes are increasingly being targeted because reward points are often left unclaimed for extended periods.

According to charity For Good Causes, more than £7billion is sitting unclaimed in UK loyalty accounts.

And as many people are not checking their balances regularly, the thefts are less likely to be noticed than stealing from bank accounts.

Matthias Held, technical program manager at security company Bugcrowd, explained: "The theft of reward points is on the rise because both customers and businesses often neglect to closely monitor loyalty points.

"This allows fraudulent activities to go unnoticed for extended periods.

"Fraudsters also often tend to operate subtly, making small changes that go undetected until it’s too late."

Generally, security for loyalty schemes has also been a lot more lax than for bank accounts or other financial institutions over the past few years.

Some retailers have begun to clamp down on this. For example, Nectar recently introduced a feature where users can "lock" points so they can't be spent without their explicit permission.

But many schemes are still easy to hack for a determined scammer, and more regular data breaches over the past few years have made basic details more widely available.

Jacob Ideskog, chief technical officer of security firm Curity, said: “Unlike bank accounts, which are heavily monitored, reward programs frequently lack robust fraud detection mechanisms, making them an easier entry point for attackers.

"Loyalty programs often have weak authentication measures. As a result, if an attacker gains access to a victim’s email through a breach, they can reset passwords and then drain their reward points."

'I had £265 stolen 60 miles from home'

WHEN Gareth Thomas, 80, saw 53,000 Nectar points worth £265 stolen from his account last August he contacted the loyalty scheme.

It launched an investigation and ultimately issued him a new card in October, on which it restored his points as "goodwill".

But he couldn't understand how his account had been accessed and his points used at a store more than 60 miles from where he lived, in Longbridge, near Birmingham.

"What I wasn't told is how this happened in the first place and by whom - I had not been near Longbridge and the card had never knowingly left me, being mainly used at my local store," Gareth said.

Protect your points

To protect your loyalty accounts, it's a good idea to treat them like you would treat any other bank account.

For example, when making a new account, make sure to give it a strong password and set up two-factor authentication to make it harder to hack in the first place.

It's a good idea to set a different password for each account, too, as reusing the same password means hackers can gain access to all your accounts more easily.

It can be a good idea to keep all your passwords in one secure place, like a password-locked file, in case you forget any.

Then, make sure to regularly check your balance and contact your provider immediately if you notice any transactions that you didn't make.

Top tips for protecting loyalty accounts

HERE are Matthias Held's top tips for avoiding loyalty point theft:

  1. Monitor your accounts – regularly check balances and transaction history for unusual activity.
  2. Use strong, unique passwords – avoid reusing passwords from other accounts to prevent credential stuffing attacks. Better yet: use a password manager like 1Password or Bitwarden to secure your accounts and create strong authentication and passwords you don't need to remember.
  3. Enable multi-factor authentication if available – this adds an extra layer of security against unauthorised access.
  4. Beware of phishing scams – fraudsters often impersonate loyalty programs to steal login credentials. Always verify links and messages before clicking.
  5. Limit account inactivity – regularly redeem or use points to prevent your account from becoming an easy target.
  6. Report suspicious activity immediately – if something seems off, contact the loyalty program provider as soon as possible.