Has the Nectar Point kidnappers scam been solved? We Discover Evidence of Secret Groups Trading YOUR Supermarket Reward Points

Criminals are using secret channels to sell Nectar card balances to defraud unsuspecting customers, a This is Money investigation reveals.

This year hundreds of our readers have been contacted about their stolen loyalty points and thousands of pounds in rewards have been lost.

In fact, since we wrote an article 10 days ago about another Nectar theft, 72 more have contacted us to tell us they have had points worth just over £7,800 stolen.

A common theme has emerged in all the cases: the victims have no idea how the points were achieved, while our attempts to get a response from Sainsbury’s are met with a constant brick wall.

Now, we can reveal that criminals are using social media and secure messaging channels to sell data attached to up to 1,000 Nectar accounts at any given time.

We found evidence of criminals selling codes linked to Nectar accounts through a secret channel on the secure messaging service Telegram.

It calls into question Nectar’s security system and how secure customer data and balances are.

A Telegram group advertising a ‘Nectar code replenishment’ was selling 500 accounts in the new database for £45 and 1,000 codes for £350 in the old database, which they say has a higher hit rate .

The idea presumably is that at least one or two of the accounts will have a large balance for the criminal to steal.

One message read: ‘£5+ balance guaranteed. It could be £5, £500 or £750, whichever way you make a profit (sic)’.

It’s still unclear how criminals have access to so many account numbers: there are no instant alerts, no stolen cards, and no questionable phone calls.

Many theories have circulated online about account numbers and barcodes, but it remains a mystery.

Jake Moore, global cybersecurity advisor at ESET, told This is Money that the Nectar system “didn’t seem like a very complex system… it’s a numbers-based algorithm.”

Another post on the Telegram channel shows evidence of a small purchase at a Sainsbury’s store.

At the bottom of the receipt, the account holder’s total Nectar balance is displayed, meaning criminals can continue using the account without the legitimate account holder immediately realizing it.

The criminals say that once they know the balance, they can “vandalize the store and pay with Nectar.”

In addition to Nectar balances, the Telegram channel also offers subscribers the opportunity to purchase balances from other major loyalty programs.

Since we first wrote about it in January, a flood of readers have contacted us to tell us about their stolen points.

In August, we estimated that over 1 million Nectar points had been stolen from our readers and since then hundreds more have come into contact with the same issue.

Even though This is Money publicizes the problem, criminals are becoming more brazen about stealing points.

A cursory look at Nectar’s X account shows that customers are getting in touch almost every day to complain about stolen points.

And secret messaging services could be the reason behind the increase in stolen points.

Moore told This Is Money that he had seen many more illegal services, data and products sold on Telegram.

‘It is becoming the open web version of the dark web due to its anonymity. It’s an easy place for criminals to sell anything and it keeps people hidden.

‘I don’t see much use of the dark web in illicit material… you have anonymization tools like an app in your pocket, in the form of Telegram or Discord. Open your market tenfold and you can advertise on TikTok or Instagram.’

We contacted Sainsbury’s with evidence that criminal groups are selling customer data.

A Sainsbury’s spokesperson said: “We are working closely with the police on this issue and have a range of measures in place to help us detect and, in many cases, prevent fraud.”

Have your Nectar points been stolen? Contact editor@thisismoney.co.uk