Tesco removes Hotels.com from Clubcard offers after scammers GUESSED codes to get cheaper holidays

TESCO temporarily removed Hotels.com from its Clubcard offers after scammers guessed the discount codes and sold them on the black market.

The supermarket pulled the voucher offer, which allowed customers to bag between £200 and £750 off hotel rooms with Hotels.com, after it was alerted to the fraud back in March this year.

The issue has now been resolved and the offer reinstated, but it means that millions of Tesco shoppers were potentially denied the reward for being loyal customers.

Cyber security group CyberNews spotted the hack four months ago, after discovering that the one-off promotional codes were being sold for hundreds of pounds on two hacker forums.

The cybercriminals were able to decipher the 13-digit codes generated by Hotels.com that customers use to claim the discount when booking online.

Fraudsters could then use the discount codes to bag money off upcoming trips.

How to protect yourself from scams

BY keeping these tips in mind, you can avoid getting caught up in a scam:

  • Firstly, remember that if something seems too good to be true, it normally is.
  • Check brands are "verified" on Facebook and Twitter pages – this means the company will have a blue tick on its profile.
  • Look for grammatical and spelling errors; fraudsters are notoriously bad at writing proper English. If you receive a message from a “friend” informing you of a freebie, consider whether it’s written in your friend’s normal style.
  • If you’re invited to click on a URL, hover over the link to see the address it will take you to – does it look genuine?
  • To be on the really safe side, don’t click on unsolicited links in messages, even if they appear to come from a trusted contact.
  • Be careful when opening email attachments too. Fraudsters are increasingly attaching files, usually PDFs or spreadsheets, which contain dangerous malware.
  • If you receive a suspicious message then report it to the company, block the sender and delete it.
  • If you think you've fallen for a scam, report it to Action Fraud on 0300 123 2040 or use its online fraud reporting tool.

Only a limited number of the codes were issued by Hotels.com and could only be used once, so codes that had been guessed and sold on before being issued meant that loyal Tesco shoppers were left out of pocket.

Tesco's loyalty scheme has 19million members.

It's not clear how many of the codes were sold on but up to four million potential codes were up for grabs, according to CyberNews.

Once it was alerted to the breach, Tesco temporarily withdrew the deal andeither reimbursed or replaced vouchers for customers who were affected.

Shoppers who believe that their codes may have been affected are being urged to contact the Clubcard support team, where cases are being reviewed individually.

Expedia – the firm behind Hotels.com – have also taken measures to prevent this from happening again once it became aware of the scam.

How does Tesco Clubcard work?

TESCO'S loyalty scheme is called Clubcard and has around 19million members.

It gives customers one point for every pound spent in store or one point for every £2 spent on fuel. Every 100 points are worth £1.

Tesco sends out vouchers for each 150 points you've collected every three months.

These can then used as face value in Tesco or converted into three times their value using its rewards platform.

Vouchers come with an expiry date of two years.

CyberNews blamed unsecure codes generated by Hotels.com and said that it should be a warning to other firms that accept discount codes.

The research group said: "In the current economic climate people are looking for ways to save money, so businesses need to stay vigilant to prevent fraud.

"We’d recommend using longer, less predictable discount codes with more characters which make it harder for cybercriminals to predict, as well as implementing a limit on attempts for an incorrect entry to prevent brute force attacks of this nature."

Tesco confirmed to The Sun that the breach had taken place and that it pulled the Clubcard offer while it sorted the problem.

A Hotels.com spokesperson told the Telegraph: "This issue was identified and resolved promptly several months ago.

"Working closely with our partners at Tesco we ensured that only legitimate Clubcard customers were able to obtain and redeem the codes they had earned.

"No customers of Hotels.com or Tesco missed out on the offer, lost money or Clubcard points as a result."

In an unrelated incident, Tesco blocked 620,000 Clubcard accounts after scammers tried to steal points.

And earlier this year it urged Clubcard holders to claim lost points, as £17million were left unclaimed.

Source: Read Full Article