London24NEWS

Nectar level nabbers rip-off solved? We uncover proof of secret teams buying and selling YOUR grocery store reward factors

  • Criminals are selling Nectar card details to defraud customers 
  • Had your Nectar points stolen? Get in touch [email protected]

Criminals are using secret channels to sell Nectar card balances to defraud unsuspecting customers, a This is Money investigation reveals.

This year, hundreds of our readers have been in touch about their stolen loyalty points with thousands of pounds worth of rewards going missing.

Indeed, since we wrote an article 10 days ago about another Nectar theft, 72 more have contacted us to say they’ve had points worth just over £7,800 nicked.

A common theme has cropped up in all the cases – victims have no idea how the points were nabbed, while our attempts to get an answer from Sainsbury’s meet a constant brick wall. 

Now, we can reveal that criminals are using social media and secure messaging channels to sell data attached to up to 1,000 Nectar accounts at any given time.

Nectar scam: Criminals use secret channels to advertise Nectar account codes

Nectar scam: Criminals use secret channels to advertise Nectar account codes 

We found evidence of criminals selling codes linked to Nectar accounts through a secret channel on the secure messaging service Telegram.

It calls into question Nectar’s security system and just how safe customer data and balances are.

One Telegram group advertising a ‘Nectar code restock’ was selling 500 accounts on the new database for £45 and 1,000 codes for £350 on the old database, which they say have a higher hit rate.

The idea presumably being that at least one or two of the accounts will have a large balance for the criminal to pilfer. 

One message said: ‘Balanced £5+ guaranteed. It could be £5 or £500 or £750 what ever way ur profiting [sic]’.

It remains unclear how criminals have access to so many account numbers – there are no flash alerts, no stolen cards and no dodgy phone calls.

Plenty of theories have circulated online about account numbers and bar codes but it remains a mystery.

Criminals are posting Sainsbury's receipts which reveal a customer's Nectar point balance

Criminals are posting Sainsbury’s receipts which reveal a customer’s Nectar point balance 

Jake Moore, global cybersecurity adviser at ESET told This is Money that the Nectar system ‘didn’t seem like a very complex system… it’s a numbers-based algorithm.’

Another post on the Telegram channel shows evidence of a small purchase at a Sainsbury’s store.

At the bottom of the receipt, the account holder’s full Nectar balance is on display, meaning criminals can continue to use the account without the legitimate account holder being immediately aware.

The criminals say that once they know the balance, they can ‘mash the store and pay with Nectar’.

In addition to Nectar balances, the Telegram channel also offers subscribers the opportunity to buy balances from other major loyalty programmes.

Since we first wrote about the issue in January, a deluge of readers have been in touch to tell us about their stolen points.

In August, we calculated that over 1million Nectar points had been stolen from our readers and since then hundreds more have been in touch with the same issue.

Despite This is Money publicising the issue, criminals are becoming more brazen in stealing points.

A cursory look at Nectar’s X account shows that customers are getting in touch nearly every day with complaints about stolen points.

And secret messaging services could be the reason behind the spike in stolen points.

Moore told This Is Money that he had seen far more services, data and illegal products being sold on Telegram.

‘It’s becoming the open web version of the dark web because of its anonymity. It’s a simple place for criminals to sell anything and it keeps people hidden.

‘I’m not seeing as much use for the dark web in illicit material… you’ve got anonymising tools as an app in your pocket, in the guise of Telegram or Discord. You open up your market tenfold and can advertise on TikTok or Instagram.’

We contacted Sainsbury’s with evidence of the criminal groups selling customer data. 

A Sainsbury’s spokesman said: ‘We are working closely with the police on this issue and have a range of measures in place to help us detect and in many cases prevent fraud.’

Have you had your Nectar points stolen? Get in touch [email protected]

SAVE MONEY, MAKE MONEY

Affiliate links: If you take out a product This is Money may earn a commission. These deals are chosen by our editorial team, as we think they are worth highlighting. This does not affect our editorial independence. *Chase: 3.69% gross. Ts and Cs apply. 18+, UK residents