As a direct result of the coronavirus pandemic, last year saw a record number of people take advantage of delivery services to order food, basic household goods, and any type of item that can easily be boxed up and shipped out. To this point, Amazon during the June quarter of 2020 saw its revenue skyrocket by more than 40% compared to the same quarter in 2019.
With more people relying upon delivery services than ever before, scammers have since seized upon the opportunity to try and trick unsuspecting individuals out of their hard-earned money. The latest scam making the rounds is an email phishing campaign masquerading as a legitimate message from Walmart.
As detailed on BleepingComputer, scammers are sending out emails that seemingly come from Walmart and have a subject line of “Your Package delivery Problem Notification ID#.”
The email claims that a package was unable to be delivered due to an incorrect address.
“Unfortunately we were not able to deliver your postal package in time because your address is not correct,” the email reads in part. “Please reply us with the correct shipping address.”
The email contains an “Update Address” button at the bottom, and once clicked, a new email window will pop up whereupon users can send their address to the individuals behind the scam.
The collected information is used to conduct identity theft attacks, gain access to your other accounts, or perform targeted spear-phishing attacks.
Over the past week, three different unrelated individuals contacted me to warn me about the attacks, and I have received a half dozen of these emails, indicating it is a very active phishing campaign.
Due to this, everyone should be on the lookout for strange emails from Walmart and treat them all suspiciously.
This scam is particularly insidious because it doesn’t specifically ask for financial information or sensitive passwords. Still, with a name and address in hand, scammers can build off that information to engage in more dangerous attacks.
As always, if you receive an email from a large retailer like Walmart or Amazon with an alert about a shipping or payment issue, you’d be well advised to log into your account directly via the website in question.
If any of this sounds familiar, it’s because last December saw scammers send out a huge number of fake notifications, messages, and emails that were designed to look like they came from delivery companies like FedEx, Amazon, and UPS.
As we detailed a few months ago:
In one particular scam, users receive a spoofed email message from UPS which claims that a product they ordered online was unable to be delivered. The message prompts them to click on a link so that they can re-enter pertinent delivery information. The link in this case, however, installs ransomware on a target’s computer and encrypts their files. The only way to access said files is to send a payment with Bitcoin.
The aforementioned Walmart scam doesn’t involve any malware, but it’s simply good practice to be on high alert for any type of phishing scam, even the ones that only ask you for an address.