Loyalty Points Phishing Scams: How They Work and The Red Flags

Loyalty-Points-Scam-explained

Scammers have been busy lately impersonating network providers or credit card companies offering loyalty points. If you get text messages saying your loyalty points will expire soon and you need to redeem them quickly, ensure they’re real before you do anything.

Scammers often use an enormous amount of points to make the loyalty point phishing scam believable. Currently, they are using various company names including Vodafone UK, Telstra AU, Coles AU, or EE UK. Similar scams have also been targeting customers of major carriers from South Africa and Asia.


Scam Detectors Most Trusted Websites in Online Security
  1. Guard.io (100): Surf the web safely. Clean up your browser, remove malicious extensions and check for privacy violations.
  2. Incogni.com (100): Delete your personal data from the internet and protect against scams and identity theft.
  3. ExpressVPN (100) Stay secure and anonymous online - Best VPN Out There

How Does the Scam Work?

There are two main versions of the Loyalty Points Phishing scam. In one version, you’re informed that your loyalty points are about to expire. In the other version, the text message claims you’ve received some bonus loyalty points.

In the first scenario, the scam starts with a simple message informing you that your loyalty points will soon expire. It urges you to redeem them to avoid losing your rewards. Scammers often add random points that will expire in 2 or 3 days and encourage you to click on a link that directs you to a website specially crafted to steal your personal and financial information.

EE-UK-Loyalty-Points-Phishing-Scam
Image Source: EE Community Forum

In the second scenario, the scammers inform you that you’ve been given some reward points as a bonus for being a loyal customer. They’ll mention those points will expire in just a few days and prompt you to use them to unlock a special gift.

Image Source: EE Community Forum

If you click on the link in the text message, you’ll be directed to a fake yet very professionally presented website offering electronic gifts. You’ll be prompted to choose a gift in exchange for your loyalty points, such as wireless earbuds, a fancy phone case, or other small gadgets. After selecting your gift, you’ll be asked to pay a small fee, typically around $1, to redeem it.

This is when scammers collect your bank details.

However, checking your bank online might not show any withdrawal corresponding to that small fee. If you call your bank’s fraud number, you might be surprised to discover multiple attempts to withdraw a few hundred dollars.

Scammers entice you with free items or gifts to get your personal information, which they then use to attempt larger withdrawals from your account later. The loyalty points scam works by instilling a sense of urgency into potential victims. You only have two or three days to redeem your loyalty points, or else you’d lose them for good.

Creating a sense of urgency is a common phishing strategy that scammers use to get people to act quickly without thinking. They want you to panic and follow their instructions immediately, so you don’t have time to realize it’s a scam.

How Did Scammers Get My Phone Number?

Scammers typically get their hands on your phone number in several ways:

  • They steal lists of phone numbers from companies’ databases following data breaches.
  • They buy phone number lists on the dark web.
  • Scammers also collect numbers from social media or public directories.
  • They dial random numbers until they find real ones.

Examples of Companies that Scammers Impersonate

Scammers typically impersonate major carriers from the US, UK, or Australia, but they also impersonate companies from Asia or South Africa. Here are some examples of companies that scammers use the Loyalty Points Phishing Scam.

Vodafone UK
Vodafone loyalty points scam
Image Source: Vodafone UK
Telstra AU
Telstra-loyalty-points-scam
Image Source: ACMA Australia
Coles AU
Coles AU loyalty points scam
Image Source: ABC News Australia
EE UK
Image Source: Reddit

Common Red Flags

1. Spelling and Grammar Issues

One of the most common red flags is spelling and grammar issues. Scams are often operated by teams located in non-English speaking countries, resulting in poorly written messages. If you notice grammar and spelling errors, it’s a strong indicator that the message you received is likely a scam attempt. Official messages from network providers, credit card issuers, or other companies offering loyalty points are free of grammar and spelling errors.

2. Suspicious Links

Another red flag is that the website you are directed to has a strange URL. Sometimes, it resembles the official website URL the scammers are trying to impersonate. Other times, it’s just a mix of random numbers and letters. You may also encounter links that are using URL Shortener. Your network provider would never ask you to click on a link to access your account.

3. Sense of Urgency

The message says you must act quickly to redeem your loyalty points and not lose the rewards. It might say things like “limited time offer” or “claim your points before they expire.” Scammers want you to act fast based on emotion and respond without thinking.

4. Asking for Personal Info

The end goal of scammers is to get you to share personal or bank details. They might ask for your full name or bank account number. They want this information so they can steal your money. Remember that real companies will never ask for such sensitive information through text messages.

How to Avoid: Loyalty Points Phishing Scam

Always be extremely cautious when receiving messages from unknown numbers, especially when those messages prompt you to click on a strange-looking link. This is a common phishing strategy that scammers use to direct you to specially crafted websites aimed at stealing personal information.

Visit your carrier’s official website directly, and don’t click on suspicious links.

By the way, you can use Scam Detector’s Validator tool to check if a website is safe. Domains used by scammers are typically just a few days or months old.

Only trust messages from official company channels and verify the sender’s phone number.

If you notice that the message you received is riddled with grammar and spelling issues, ignore it. Report the sender and delete the message.

Be very cautious if the message tries to create a sense of urgency. Take your time to check the claims and verify the offer.

Never share personal or bank details when prompted to do so. Real companies already have these details about you in their customer databases.

Quick Reminders

If you’ve shared personal or bank details, contact your bank immediately.

Forward any spam texts to your carrier’s spam reporting service so that their security team can investigate them. Scammers use different numbers, so it’s essential to report all of them.

If you click on suspicious links, you should run an in-depth antivirus scan to ensure your device has not been infected. Scammers typically want your personal and bank information, and malware campaigns are rarely associated with phishing campaigns. If you’re unsure about choosing the best mobile security app, particularly for iPhones, this article will guide you through finding the perfect one for your needs.

How to Report Scammers

Warn your family and friends to know about this scam to prevent them from falling victim.

You can report scammers and any suspicious activity to the Federal Trade, and the FBI Internet Complaint Center by using the pages below:

How To Protect Yourself More

Do you want to receive notifications about the most notorious scams on a regular basis? Subscribe to our scam alerts. You will receive periodic emails from Scam Detector with exclusive tips. Those will include info on how to prevent fraud and insights about the newest tools you can use to fight crime.

Feel free to explore additional articles on related fraud. Last but not least, if you had any bad experiences, make sure to use the comments section below to expose the scammers!

Conclusion

Loyalty points phishing scams are designed to trick you into giving away personal and bank details. To avoid falling victim to scams, be caution with unsolicited messages, avoid clicking on suspicious links, and never share sensitive information without checking first.


identity theft protection

TOP 4 MUST-WATCH FRAUD PREVENTION VIDEOS

1. Top 5 Amazon Scams in 2024
 
2. Top 5 PayPal Scams in 2024
 
3. How To Spot a Scam Email in 2024

3 thoughts on “Loyalty Points Phishing Scams: How They Work and The Red Flags”

  1. Staying informed and cautious is essential in today’s digital age to avoid falling victim to these increasingly sophisticated scams. Great job raising awareness on this important issue.

  2. Dear Madalin
    I recently ordered heating oil from a company called Qfuels here in Dublin . Fuel delivered no problem but I noticed a deduction of 93cent. I’d tried to order the oil online but twice my attempt was unsuccessful. On the third attempt mediaery’s website popped up and I went ahead with the transaction, but I’d given all my bank details to make the order. I rang Qfuels and the guy (Paul) said there’d never been a problem before, and told me to contact my bank. I thought it was only a once off deduction but when my bank statement came last week there was a deduction of €37 from my account. I contacted the bank and they advised me to get a new debit card. I’ve now done this. So please advise all your clients to have nothing to do with this shower of crooks.

  3. This helps very much. How can you check to see if a text message you had received about a potential job is legit?

Leave a Comment

Your email address will not be published. Required fields are marked *