Fake Coles Texts About Expiring Points Target Loyal Customers

Photo of author

Written by: Thomas Orsolya

Published on:

Have you received an urgent SMS warning that your hard-earned Coles Rewards points are about to vanish? This brazen new scam is ravaging Australian shoppers. But with knowledge comes power. Arm yourself with the critical information in this in-depth exposé to beat these thieves at their own game.

You work diligently to accumulate Coles points through loyal shopping for the groceries that fuel your family. Points that you one day planned to redeem for a much-needed household purchase or date night treat. This dream is shattered in an instant by a text message announcing your points will soon expire. Panic sets in.

In a desperate attempt to avoid this loss, you click the link provided. But this “rescue” link only leads to deeper peril in a realm of fraudsters plotting to steal your identity and swindle your finances.

This is the stark reality behind the latest rash of phony Coles Rewards texts infiltrating phones across the country. But when warned, Australians can protect what they have worked so hard to earn, their finances and their peace of mind. Get equipped with the must-know facts on spotting and stopping this scam with this extensively researched report.

Coles Scam

Scam Overview

A new phishing scam has emerged targeting Australians who hold Coles rewards cards and diligently accumulate points on their grocery purchases. This sophisticated scam utilizes unsolicited SMS messages to lure trusting individuals to fake websites aimed at stealing their personal and financial data.

Coles is one of the largest and most popular supermarket chains in Australia. The company has over 800 stores nationwide and employs over 100,000 staff. A key customer loyalty program is the Coles Rewards scheme which issues cardholders points based on how much they spend. Shoppers can later redeem accrued points for discounted future purchases at Coles stores.

Many Australians hold Coles Rewards cards and faithfully collect points on their grocery runs as a way to save money. The average customer scans their card on $135 of purchases per week. With 1 point earned for every $1 spent, the typical weekly points tally per customer is 135. Over a year, an individual shopper can amass 7,020 Coles Reward points or more.

It is easy to see how a fake message about one’s hard-earned points suddenly expiring could trigger immediate panic and a desire to quickly redeem them before it’s too late. This is exactly the reaction scammers are counting on with their phony text warnings.

The scam message will arrive on the recipient’s mobile phone as an unsolicited SMS that appears to come from the official Coles company. It will contain wording along the lines of:

“Your Coles points balance (3020 points) is about to expire, please redeem as soon as possible to avoid expiration at [fraudulent website link]”.

The message is structured to create urgency and panic, making the recipient feel their points built up over time through loyal Coles shopping are about to be erased. This motivates them to hastily click the link without proper verification.

However, Coles has confirmed they do not send warnings about expiring rewards points, because these points do not actually expire. This key fact reveals the SMS as a scam. Coles also does not contact customers by text message for security reasons.

Unfortunately, the fraudulent SMS will seem authentic on first glance. The Coles branding leads recipients to trust the source. The message content and threat of losing hard-earned points triggers fear and quick reaction.

These precise tactics allow scammers to convince initially skeptical individuals to click the embedded link and be routed to a convincing fake website masquerading as the official Coles Rewards site. This is where victims are asked to enter personal details exposing them to identity theft and financial fraud.

How the Scam Works

The Coles rewards points scam works through the following detailed steps:

Step 1: Victims Receive Fake Coles Rewards Text

The scam starts with target individuals receiving an unsolicited SMS message claiming to be from Coles. A example text reads:

Your Coles points balance (3020 points) is about to expire, please redeem as soon as possible to avoid expiration https://tiniurl.com/wzzifesn82“.

The message sounds legitimate and urgency is created by the threat of points expiring. However, Coles does not contact customers this way as points do not expire.

Step 2: Victim Clicks Link to Fake Coles Website

If the recipient clicks on the link in the text message, they are taken to a website designed to mimic the real Coles rewards site. This fake site looks very similar to the legitimate coles.com.au website, with the same branding, colors, and layout.

However, the URL will clearly not be associated with Coles if examined closely. This is designed to trick victims into thinking they are on the official Coles platform.

Step 3: Scammers Collect Personal and Financial Information

On the fraudulent website, the victim sees a form asking them to log in with their Coles online account credentials. If entered, the scammers capture this login information.

The site then requests personal details like name, address, date of birth, and contact information. Finally, it asks for financial data like payment card numbers, CVV codes, and online banking logins.

Victims are less likely to hesitate providing this info as the site looks official. However, it goes directly to scammers.

Step 4: Criminals Steal Identities and Money

Armed with the personal and financial details entered on their fake website, the scammers can now steal the victim’s identity or funds. They may log into bank accounts to transfer money out. Stolen credit card info can be used to make fraudulent purchases online.

The victim’s personally identifiable information can also be used to commit identity fraud with far reaching consequences. Once scammed, the criminals disappear with the data.

Step 5: No Rewards Points are Credited

After entering all requested info on the fake Coles page, victims do not actually receive any Coles Rewards points added to their accounts. The entire site was a phishing front to collect private data while offering nothing in return.

By this time, the scammers already have what they want and cease communication. Targets may only discover weeks later that identity theft or fraudulent purchases have been made.

What To Do If You Receive This Scam Text Message

If you get a suspicious text about your Coles Rewards points expiring, there are steps you should take immediately:

  • Do not click on any links within the message. These lead to fake sites.
  • Carefully examine the sender’s number. Coles would never text from a random mobile number.
  • Call the Coles customer service line at 1800 561 962 to report the scam text.
  • Forward the text message to ScamWatch via their reporting email report@scamwatch.gov.au or by calling 1300 795 995.
  • If you clicked the link, change any passwords for online accounts which may have been compromised. Monitor these accounts closely for unauthorized activity.
  • Contact your bank immediately if any financial or personal information was entered on the fraudulent site. They can watch for fraudulent transactions.
  • Sign up for a credit report monitoring service to detect any potential identity theft issues arising from stolen data.

Frequently Asked Questions About the Coles Rewards Points Scam

1. How do I know if a Coles rewards SMS message I received is a scam?

There are a few key signs that indicate a Coles rewards text is fraudulent:

  • Coles does not contact customers via SMS about reward points expiring or needing redemption. This is always a scam.
  • The text comes from an unknown mobile number, not an official Coles source.
  • There is an urgency to redeem points to avoid expiration. But Coles points do not expire.
  • The text contains a link to click on to redeem. Official Coles communications would never do this.

2. What happens if I click the link in one of these scam texts?

The link will take you to a fake website pretending to be the official Coles Rewards portal. You will be asked to log in and provide personal info like name, DOB, address etc. as well as financial details including payment card data and online banking credentials. All data entered will go to scammers and be used fraudulently and for identity theft.

3. How can the scammers access my bank account if I enter that login info?

With your online banking username and password, criminals can log in to your legitimate bank account and begin transferring out funds or adding themselves as account holders for future access. Provide bank login details to any party at your own extreme peril.

4. Should I call the number in the Coles rewards scam text?

No, you should never communicate with the senders of a scam text in any way. Calling them simply confirms your number as active and primes you for more scam attempts. Their number also cannot be trusted or traced. Immediately delete the text instead.

5. How can I report a scam Coles rewards SMS message?

Forward the text message to ScamWatch via their reporting email report@scamwatch.gov.au or by calling 1300 795 995. You can also report it to Coles customer service so they are aware at 1800 561 962. Reporting scams helps authorities identify trends and protect others.

6. How do I redeem my actual expiring Coles Rewards points?

Expiring Coles points will always be communicated to you by email or formal mailed letter, never SMS. When legitimate points are nearing expiration, log into your official Coles Rewards account online or scan your card at a Coles store to redeem.

7. How can I avoid falling victim to the Coles rewards scam?

Never click on links in unsolicited texts, no matter the company name used. Contact firms via published customer service lines if you have any account concerns. Avoid entering info on websites you did not purposely navigate to yourself.

Staying vigilant against scams seeking to exploit your rewards points will ensure you can reap the savings you deserve through loyalty.

The Bottom Line: Key Takeaways on Spotting This Scam

This scam exploits trusting Coles customers who have diligently accumulated rewards points over time. However, several key signs can help identify the fraudulent messages:

  • Coles does not contact customers via text message about expiring rewards points, as these points do not expire.
  • The links lead to convincing fake websites aimed at phishing personal and financial data.
  • No reward points are ever actually credited. The site exists solely to steal private information.
  • Once scammed, the damage can include identity theft and stolen funds. It is important to act quickly.

The most prudent course is to never click on links in unsolicited messages, no matter how legitimate they may seem. Always contact organizations directly through known numbers if text contacts seem suspicious. With vigilance, Australians can avoid falling victim to this Coles rewards scam.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Previous

Don’t Fall for the California Toll Services Phishing Scam Texts

Next

Don’t Fall for the “You Have Been Under Surveillance” Email Scam