If you get an email from Walmart, tread lightly! Check Point Research’s latest Brand Phishing Report reveals the retailer is at the top of the latest chart for most imitated brands.
Walmart accounted for 16% of all scam attempts and climbed from 13th place in the fourth quarter of 2022, mostly due to an immense phishing campaign built around the come-on of a “supply chain collapse” that urged victims to click on a malicious survey link.
That particular Walmart phishing attempt isn’t the only one the company has suffered through. Scammers also send sham emails pretending to be from Walmart, asking for participation in a survey.
There’s typically a link inside those emails that takes a person to a fraudulent website where the scammer either tries to nab their personal information or infects their device with malware.
Walmart says that, yes, it does surveys, but warns consumers that they do not give away gift cards through Twitter, Facebook, or text messages.
“If you receive a notice through one of these channels, it is likely a scam. Do not click on any links in these messages,” the company said.
Here come the finance scams!
While the technology sector was the most imitated industry in the last quarter, followed by shipping and retail, Check Point researchers say they’re seeing people getting hit with a lot of finance-related scams. Like every other finance scam on the planet, there’s only one thing these scammers want – someone’s account details.
Bank Raiffeisen made the Top 10 for the first time. Even though it’s an Austrian bank, scammers are likely to do the same thing in the U.S. given their success.
Researchers caution people to be vigilant about any email or message that encourages recipients to click on a malicious link and to ensure the accounts' security against any fraudulent activity. Once submitted, those details could be stolen by an attacker.
If the scammers follow the Raiffeisen scam model, people should keep an eye out for any email subject similar to “The new SmartToken service is not active” or content claiming that the victim needs to activate the “SmartToken“ service to ensure account security against fraudulent activity. Tucked inside the email is a malicious link that the attacker tries to lure the victim into clicking so he can steal his account.
WhatsApp scams proliferating
Finance scams are headed WhatsApp’s way, too. Reportedly, WhatsApp users are current targets of scammers hoping to drain a bank account or two courtesy of the infamous “friend in need” text message. In that scheme, a scammer professes to be the child of the potential victim, saying that they're in trouble and need money to get out of it.
An alternate version of the scam is also on the streets, according to Aura. It’s still one that involves fraudsters impersonating a victim's child on WhatsApp and asking unsuspecting parents to transfer funds into a scammer’s bank account. However, in this version, the scammer tries to convince Mom or Dad that their phone was lost or broken to justify this new number. In other variations, the scammer may claim to have been locked out of their mobile banking app.
Either way, the scammer still wants the same thing – the parents’ bank account details so they can transfer the money to buy a new phone. We don’t need to tell you what happens once the victim sends the money, but “poof!” is the operative word.
The Aura analysts say the most prudent thing to do with any WhatsApp message like this is to first verify your child's supposed updated number by sending a text message or making a phone call to confirm whether they’ve actually lost access to their phone.
It would also be a huge plus if you verbally confirmed any bank account details before initiating a fund transfer. That way, if you recognize your child’s voice, the odds are in your favor.