How to help protect your loyalty points from fraud

A growing concern for anyone who uses rewards programs is loyalty fraud. Loyalty programs are meant to reward clients, but unfortunately, fraudsters see those hard-earned points as easy pickings. Understanding how these schemes work is essential for protecting your points and keeping your personal information safe.

As scams grow more sophisticated and accounts become more interconnected, protecting loyalty points has become as essential as safeguarding cash. And it's one of the fraud trends on the rise: between 2019 and 2023, Canada saw a 202% increase in suspected digital fraud attempts.¹

Recognizing early signs of loyalty fraud is one of the best defenses against losing your hard-earned points. Here’s what to watch for and how to stay one step ahead.

Loyalty fraud happens when someone tries to exploit a rewards program — like Scene+™ — for their own gain. Think of it as someone taking money from your wallet. 

Fraudsters look for shortcuts: breaking into your accounts, creating fake profiles or manipulating points balances to redeem valuable rewards like gift cards. If that doesn’t work, they may attempt phishing — emails, promos or messages designed to trick you into handing over your login details so they can quietly deplete your points.²

Knowing how these schemes work can make it easier to spot trouble early and keep your rewards exactly where they belong: with you. 

To a fraudster, loyalty points are the perfect target — they're valuable, convenient and almost untraceable. Once stolen, points can be converted into gift cards, travel credits, merchandise or other perks that are harder to trace than a fraudulent credit card charge.³

When you use the same login credentials for your loyalty accounts and other accounts, such as banking, fraudsters can treat a single compromised login as a master key. That overlap increases the risk of account takeover, giving fraudsters a path not only to your points but potentially to more sensitive financial information as well.³

Since many people don’t monitor loyalty accounts as closely as their bank accounts, thieves know they often have extra time before anyone notices something is off. 

Fraudsters tend to look for weak spots in how points are earned, stored or redeemed. Here are three common types of loyalty fraud:

This is the big one. A fraudster hacks into your loyalty account using stolen passwords, leaked data or login details phished from the real customer. Once they have access, they can redeem points, access personal information or even lock you out of your account.⁴

Fraudsters sometimes build fake websites or login pages to trick customers into entering their login details or other personal information. Once credentials are captured, the fraudster can use them to break into the real loyalty account and redeem points, vouchers, travel credits or other rewards.⁵

Phishing emails, text messages (smishing), phone calls or even social media DMs may appear to come from a trusted source, such as a family member or the loyalty program itself. The goal is to lure you to a fake login page or convince you to hand over your details directly so the fraudster can redeem your points.

You don’t need expert-level cybersecurity skills — just a few good habits that make your account much harder to break into. 

A quick but routine check can make all the difference. Look for unfamiliar logins, surprise point redemptions or changes to your personal information. If something seems off, report it right away.

Create passwords with passphrases and use a different password for each of your online accounts.

Enable multi-factor authentication and biometric sign-in. If you’re using the Scotiabank app, good news: Touch or Face ID is a built-in feature, making it easy to add that extra layer of security without slowing you down.

Scammers often send emails or texts designed to rush you into acting quickly — “verify now,” “urgent alert,” “bonus points waiting.” Hit pause. Go directly to the official app or website instead of clicking links.

Try our phishing scam simulation activity.

Be cautious about what you share online and where you share it. The less scammers know, the harder it is for them to imitate you or tamper with your accounts.

While loyalty fraud typically targets points, scammers sometimes use stolen credentials and sensitive information to dig deeper and do more damage. If something feels off, acting quickly can make all the difference. Here's what to do:

• Contact your loyalty provider immediately so they can freeze your account, restore points or stop further misuse.
• Change your password on your loyalty account and on any accounts using the same password.
• Monitor your financial activity. Review your banking and credit card accounts for any unfamiliar transactions.
• Keep an eye on your credit score. Unexpected drops or new credit inquiries can be signs that someone is trying to use your personal information somewhere else.
• If you’re a Scotiabank customer, check your credit score online or in the app⁶ to quickly spot any changes that don’t look right.

Loyalty programs are meant to reward you — not hand out freebies to fraudsters. As scammers get more creative, staying alert and building a few solid security habits can make a big difference in keeping your account safe.

If something feels off, don’t wait. Reach out to your loyalty provider and review your account and financial activity. A quick review of your accounts can stop a small issue from snowballing into something serious. 

And if something does go wrong, remember — it’s not your fault, and there’s no reason to feel ashamed. Fraudsters use tactics that can fool even the most careful people. Reaching out for help right away is the smartest move you can make.