Woolworths shuts system after Everyday Rewards customers fall victim to 'sophisticated scam'

Woolworths has shut down a payment system attached to its Everyday Rewards program after several customers became victims of a sophisticated scam. Customers can add credit and debit cards through the Everyday Pay digital wallet and when they reach the checkout and pay by scanning a QR code.

However, vital details from some customers have been compromised by scammers and the supermarket giant has taken a proactive step to stop others being caught up in the scandal. A spokesperson for Woolworths told Yahoo Finance they have turned off the QR code option of Everyday Pay until further notice.

“Unfortunately, we have identified a small number of Everyday Pay users who have been personally targeted by a sophisticated external phishing scam, which has led to them providing their details to scammers. We are supporting those who were affected,” the spokesperson said.

Have you been affected by the system outage? Email stew.perrie@yahooinc.com

Are my Everyday Pay details safe?

Woolworths told Yahoo Finance that only a small number of customers have been affected by the scam so far.

These users provided their personal details as they thought they were speaking to legitimate Woolworths staff. The website used by the scammers has been shut down to prevent others from becoming victims.

• Aussie loses $35,000 life savings in elaborate NAB, Westpac scam: ‘Catastrophic’

• Australia Post scam email warning to millions of Aussies

• Sophisticated scam robs Aussie couple of entire $220,000 superannuation savings

“We want to reassure our members that our Everyday Pay systems and data remain secure and have not been compromised," the spokesperson said.

Woolworths is still working through the system but said one system was not impacted.

“While it was temporarily unavailable last week, the Everyday Pay wallet continues to be available for gift cards - which can be purchased, stored and used for in-store and online purchases.

“We are now taking this opportunity to review and simplify our in-store Everyday Pay checkout experience, and as a result, QR payments may remain unavailable while we work through this process."

Woolworths apologised to customers who use Everyday Pay for the inconvenience and warned customers to be extra vigilant when they receive messages or calls from people they don't know.

If Everyday Pay users believe their accounts may have been accessed by unauthorised users, they can report it to the Everyday Pay team on 1300 10 1234.

Get the latest Yahoo Finance news - follow us on Facebook, LinkedIn and Instagram.

How do I protect myself from scammers?

Aussies lost $2.7 billion to scams last year, with 601,000 cons reported to authorities, according to a new report from the Australian Anti Scam Centre.

That's down from a record $3.1 billion the year previous, however, the number of scams reported went up by 18.5 per cent. Over 65s were the hardest hit and only group to take a higher loss in the last year.

Investment scams are the most prolific, with $1.3 billion lost, followed by remote access scams ($256m) and romance scams ($201.1m).

Scamwatch warns to beware of the following scenarios:

• It’s an amazing opportunity to make or save money

• Someone you haven’t met needs your help - and money

• The message contains links or attachments

• You feel pressured to act quickly

• They ask you to pay in an unusual or specific way

• They ask you to set up new accounts or Pay ID

What should I do if I think I’ve been scammed?

Contact your bank and report the scam. Ask them to stop transactions and stop sending any money.

Report the scam to Scamwatch here and make an official complaint to police here.

Watch out for follow up scams, particularly ones promising they can get your money back. Scamwatch warned one in three victims of a scam are scammed more than once.

Lastly, get support for yourself. You can talk to a financial counsellor or reach out to BeyondBlue on 1300 22 4636 or here for an online chat or Lifeline for crisis support online here on 13 11 14.

You can also contact IDCARE to “reduce the harm they experience from the compromise and misuse of their identity information by providing effective response and mitigation”.