Australia: Scammers target customers of loyalty points programs

The Australian National Anti-Scam Centre is warning consumers holding loyalty points with major businesses to beware of a new phishing campaign. New messages and emails are targeting Qantas Frequent Flyer, Telstra and Coles loyalty programs' customers in attempt to obtain their loyalty points or personal information, according to 209 reports received by ScamWatch in the past four months.

How the scam works

• Consumers receive a text message or email stating their loyalty points are expiring soon.
• The text or email includes a link to a fake website, which prompts customers to log in and provide credentials, credit card details or other personal information to use their loyalty points.
• Scammers steal customers' points, login details, and personal information they can use on other platforms to commit identity theft.

How to protect yourself

Don't click on the link provided if you receive an email regarding your loyalty points (in the mentioned companies and others). Instead, independently go to and access the app or website of the company to check the status of the points.

If you were already scammed, follow these steps to minimize damage:

1. Contact your bank or card provider to freeze your account. Ask them to stop any transactions.
2. Contact the company holding the loyalty program to
3. Change all the passwords of online accounts, starting immediately with the one from the loyalty program.
4. 4. Report the scam and warn others by reporting it to ScamWatch and the police.

5. Watch out for follow-up scams. Hackers may try to get more personal information, which could lead to identity theft.

6. Start monitoring your digital identity. Check where your personal information is on the web with Digital Identity Protection.

Bitdefender Digital Identity Protection scans the public and dark web and monitors your name, phone number, email, and other information you provide.

You can see your digital footprint at a glance, check your breach history, map risk, and any personal information that may have ended online: passwords, physical addresses, and credit card details.

You'll receive notifications, weekly reports, personalized recommendations, and informative newsletters following scans, including actionable advice about what you should do next to secure your online accounts and digital identity.