Reward Points Scam: Don't Fall for Fake Prize Claims
Reward points scams target customers of legitimate retailers and loyalty programs by impersonating these companies and claiming the victim has won free gift cards, cash rewards, or exclusive points. The scammer typically initiates contact via email, text message, or social media with urgent language suggesting the victim has been selected for a special bonus or that their reward points are about to expire. According to the Federal Trade Commission, reward and sweepstakes scams cost Americans approximately $370 million annually, with reward points variants accounting for roughly 15% of that total. The scammer's goal is to extract personal information (account numbers, passwords, Social Security numbers) or trick the victim into making a small "verification" payment, typically between $50 and $500, to claim their supposed prize. What makes this scam particularly effective is that legitimate retailers DO run real loyalty programs with genuine rewards, making the fraudulent claims appear plausible to victims who have accounts with those companies.
Common Tactics
- • Impersonate trusted retailers like Target, Amazon, Starbucks, or Best Buy by copying their logos and website design in phishing emails or fake websites that closely mimic legitimate reward portals.
- • Create fake landing pages with urgency tactics stating that bonus points are expiring within 24-48 hours or that the victim has limited time to claim their exclusive reward.
- • Request verification of identity through forms asking for full name, date of birth, account number, CVV code, or other sensitive financial information under the guise of confirming eligibility.
- • Insert malicious links in messages that either capture login credentials when users enter them or deploy spyware that monitors banking activity on the victim's device.
- • Request a small 'processing fee' or 'verification payment' of $50-$300 via gift card, wire transfer, or cryptocurrency, claiming this confirms the account before releasing the larger reward.
- • Escalate contact after initial engagement by calling the victim and using social engineering to build false rapport, claiming to be a 'loyalty manager' helping expedite the reward claim.
How to Identify
- You receive unsolicited messages claiming you've won rewards or bonus points you never signed up for or don't recall earning from that specific retailer.
- The message contains generic greetings like 'Dear Valued Customer' rather than addressing you by name, or it comes from an email address that doesn't match the official retailer domain (e.g., [email protected] instead of [email protected]).
- The message uses high-pressure language with artificial deadlines, such as 'Your bonus expires in 24 hours' or 'This offer is only valid for the next 48 hours.'
- Links in the message lead to websites with slightly misspelled URLs or domains (.info, .top, .click) rather than the official corporate domain of the retailer.
- The message asks you to click a link to verify your identity, confirm your account details, or enter sensitive information like passwords, CVV codes, or bank account numbers.
- You're asked to make a payment—even a small one—via gift card, wire transfer, or cryptocurrency before you can access or claim your supposed reward points.
How to Protect Yourself
- Never click links in unsolicited emails or texts claiming you've won rewards; instead, navigate directly to the retailer's official website by typing the URL manually or searching for their official app.
- Check your legitimate reward account directly through the official website or app before responding to any prize claim—if nothing appears in your account, the message is fraudulent.
- Verify legitimacy by contacting the retailer's customer service phone number from their official website (not a number provided in the suspicious message) to confirm whether the offer is real.
- Never enter sensitive financial information, passwords, or CVV codes on any webpage you reached by clicking a link in an unsolicited message, even if the page looks official.
- Enable two-factor authentication on all legitimate retail and loyalty accounts so that scammers cannot access them even if they obtain your passwords through phishing.
- Report the fraudulent message to the retailer using their official fraud reporting process and to the FTC at reportfraud.ftc.gov, including the sender's email address and any malicious links.
Real-World Examples
Sarah receives a text message claiming her Target RedCard rewards account has been selected to receive $250 in free gift cards due to her loyalty status. The message includes a link to 'verify her account.' When she clicks it, she enters her email and password on a nearly perfect replica of Target's login page. Within hours, scammers use her credentials to access her actual Target account, change her password, and begin making fraudulent purchases.
An email arrives in James's inbox with the subject line 'Congratulations! You've Won 50,000 Starbucks Rewards Points!' featuring the Starbucks logo. The email directs him to confirm his account by entering his date of birth, card number, and CVV. James completes the form, but the points never appear in his account. Three weeks later, he notices unauthorized charges on his credit card totaling $2,400 from online retailers.
Michael receives a call from someone claiming to be a 'Best Buy Loyalty Manager' stating he's been selected for an exclusive $300 rewards bonus. To activate the bonus, the caller requests a $99 'processing fee' as a credit card payment. Michael pays the fee via his debit card, but no reward ever appears in his Best Buy account. When he calls Best Buy's official customer service, they confirm they have no record of any such program and advise that he's been scammed.