First there was the headache of having to collapse the old PC and Optimum points accounts into a new loyalty program. Now some PC Optimum rewards card holders are finding thieves have hacked their accounts and stolen their points.

It’s yet another headache for Loblaw’s public relations staff, who have also been getting an earful over the sign-up and distribution procedures for consumers to get a $25 gift card as an apology from the grocer for being involved in a long-lasting bread price-fixing scandal.

Here is the response from Catherine Thomas, Loblaw’s senior director of external communication who wants to reassure loyalty card holders that they are taking steps to help customers hit by these thefts. “We understand the concern and frustration some members have around longer-than-normal wait times to resolve their concern,” says Thomas. “Our team is committed to helping each and every person to safeguard their account and reinstate their points.”

In the meantime, we offer nine tips on how to avoid having your points cache get hacked by thieves and fraudsters in the first place.

Strengthen your password

“Beefing up your password is the most important thing you can do,” says Bruce Winder, co-founder, and partner at Retail Advisors Network in Toronto. From adding numbers and characters to capitalizing random letters and adding symbols, take steps to ensure your password isn’t one that hackers can easily guess. Thomas of Loblaw agrees, adding, “Recently, we halted some individual accounts and asked those members to reset their passwords. Strong, unique passwords protect personal information and points.” As well, don’t share passwords with others and make sure each of your passwords is unique and not used on other websites.

Keep loyalty program sign-ups separate

Set up a separate email address and password that you only use with your loyalty card programs. And never use that password with any other accounts. An unscrupulous hacker can easily find out what’s typed under the ******* that appears on your screen as you type in your password.

Ignore suspicious emails

Received an email with an attachment from an address you don’t recognize? Don’t open it. Thieves can try to steal your rewards by sending unsolicited emails that ask you to either download an attachment containing a virus or request that you update your account information through a fraudulent website. These so-called “phishing” emails often look like those you might get from the loyalty card company and it’s often easy to click on them without thinking. To protect yourself, hover your mouse over any link in a suspicious email before opening. If the link leads you to a website that has nothing to do with the content of the email, chances are it’s fake. And if you’re not sure, contact your loyalty program provider to ensure it’s valid. Even the experts fall prey. “Someone broke into my LinkedIn account recently because I opened one of these phishing emails when I shouldn’t have,” says Winder. “I’m much more careful now.”

Double check site address URLs

Make sure they are accurate and not just similar, or knockoffs. For example, there is a free $200 Costco gift card available at http://ireallylovemypoints.com but someone could mirror that site with I-really-love-points.com or just lovemypointss.com with one extra “s”. Just one letter change or additional characters can lead to a different address that is designed to look exactly that same as the legitimate site. And never provide name, address, date of birth and mother’s maiden name on any of these sites.

There are fake ads as well as fake news on Facebook

Ads for 10,000 bonus PC Optimum points are floating around on Facebook. I saw one for Costco a month ago. Both are bogus. You supposedly get the points if you share these ads with friends on Facebook. Never share these on social media.

Hide your pin when you pay

If you’re checking out, realize that there could be hidden cameras in the store that watch what’s happening. “Hide your pin religiously,” says Matthew Lau, chief editor of pointshogger.com. “And don’t let anyone see the numbers you’re putting in there.” Something as easy as cupping your hand over the keyboard when inputting your PIN number at the checkout—like you do with your bank card when you withdraw money from the ATM machine—is an easy way to do this.

Keep on top of transaction activity

If your PC points are attached to a credit card, report any abnormal activity on your card to the credit card company immediately. “Credit cards generally give you 30 days to report suspicious information and they may be able to give you more info on the transactions that have occurred,” says Lau.

Manage and keep track of points religiously

“I check my points balances almost every day,” says Lau. “They’re like money and you have to be willing to manage and monitor them like you would your monthly bank statement. His advice? “If you’re not willing to manage your points, then don’t collect them.”

Keep your card with you at all times

It’s a simple thing but goes a long way to protecting points. Keep good track of your physical card. “Don’t loan it out to people or leave it lying around,” says Winder. “Any time it leaves your possession, you leave yourself open to theft.”