Hackers plunder Payback accounts

The number of thefts of Payback points is increasing in North Rhine-Westphalia. There are now apparently thousands of victims whose payback accounts have been emptied by criminals; the damage runs into the hundreds of thousands.

The company is aware of the problem, but has ruled out a security gap in its own system. That's why Payback doesn't want to replace the stolen points.

The North Rhine-Westphalia consumer advice center has set up its own website about the phenomenon. “The number of cases has increased since Corona existed,” a Payback spokeswoman admitted to WAZ. In the past few months, there have been an extremely large number of phishing emails on the Internet luring users to fake company websites, said the spokeswoman. Experts warn that insecure passwords would also make hackers’ work easier.

At Payback they now want to tighten security measures. Among other things, two-factor authentication (2FA) is also being considered – similar to online banking, according to the spokeswoman. The points would then only be able to be redeemed if a special code was entered that was immediately sent to the smartphone of the legitimate account holder.

[mk_ad]

Payback writes on this topic:

PAYBACK points stolen: what to do?

When PAYBACK points are gone, the shock is great: where there were still numerous points waiting to be redeemed directly at the checkout or for attractive rewards the next time you shop in the store, there is now nothing in your points account. The points were stolen and usually redeemed immediately.

But how can something like this happen?

First things first: PAYBACK is secure

PAYBACK has no security vulnerability. We check our platform around the clock and secure it against unauthorized access. This is how we protect all data and PAYBACK points from theft.

Unauthorized persons gain access to an account before logging in to PAYBACK . The problem is cybercrime .

How can point theft happen?

Unfortunately, online fraud occurs again and again. So-called fraudsters, i.e. Internet criminals, send fake emails - so-called phishing emails - and thereby obtain personal data, or they have spied on combination of email and password in some other way .

Again and again you read ( as here ) about millions of stolen email addresses and the associated passwords, which are then offered for sale on the Internet. Criminals access this and gain illegal access to user accounts.

The problem: If someone logs in with the correct data, even the most secure system cannot distinguish a criminal from the legitimate user of the account. Every customer must therefore ensure that the access data is secure and only known to them.

What does PAYBACK do against points theft?

Together with our partners, we have implemented extremely extensive technical measures to ensure the security of customer data. We also regularly adapt these to new requirements .

We have also been warning about internet crime and the tricks fraudsters use for many years. We explain – even in large campaigns – how users can protect themselves. We disseminate this information via all of the wide-reaching PAYBACK channels available to us: from the PAYBACK.de homepage to our newsletter and the PAYBACK app to social media. We want to and inform as many users as possible

How can you protect yourself from “point theft”?

To prevent PAYBACK points from being stolen, every user can and should take measures that make it much more difficult for fraudsters to steal access information.

• Every account, i.e. every online account, needs its own password.
  Every account - from email to bank account, from PayPal, Amazon and eBay to the PAYBACK account - should definitely have its own, secure password have. If you use the same email address with the same password for all accounts, it allows fraudsters to easily access all accounts using the stolen data!
• Every account needs a secure password.
  , the most frequently used password by Germans (as revealed by a 2019 study by the Hasso Plattner Institute ) is still “123456”. “password”, “111111” and “123123” are also in the top 10.
  Using one of these passwords makes it particularly easy for criminals to gain unauthorized access to accounts. PAYBACK point theft also particularly easy with these security codes.
  choose a secure password for the PAYBACK account And that is actually quite simple. We have put together what you should pay attention to
• Is your email address still safe?
  You can quickly check online whether criminals have already stolen the data, i.e. the email address and/or the password. On the Hasso Plattner Institute website, you can enter your email address and find out with just one click whether criminals have already accessed it. I Been Pwned ”
  platform If it turns out that the email address has already been targeted by fraudsters, the passwords of all accounts be changed immediately to prevent further damage.

[mk_ad]

What happens after PAYBACK points are stolen?

We recommend reporting to the police if PAYBACK points have been stolen and possibly already redeemed (e.g. at Rewe). PAYBACK works closely with the authorities to stop criminals as quickly as possible.

Will stolen PAYBACK points be replaced?

Data protection and data security are our top priority. We encrypt customer data during electronic transmission using the internationally recognized security standard TLS (Transport Layer Security) and at least 128 bits; a multi-level security architecture additionally secures access.

PAYBACK is not at fault due to the particularly high security precautions in place . The PAYBACK employees or those of our partner companies are not to blame either.

, PAYBACK cannot refund stolen points. We ask for your understanding that there is no legal obligation to do so even in the event of a complaint or complaint.

Source: Payback.de
Article image: Shutterstock / By Nicole Lienemann