WASHINGTON – It’s the time of year for email scams, especially given how much more people are shopping and sharing their bank information with stores. This time around, the fake emails look like they’re coming from big box stores.
The scammers are going for the big fish — the stores most Americans have shopped at this season, Amazon and Walmart.
“You may think you bought something at Walmart and they’re telling you you can return it, but you have to act now because we’re going to deduct something from the amount you paid,” says CBS technology analyst Larry Magid. “That’s an incentive for people to click, so they can get their money.”
Some customers shared the scam on social media:
Watch out, kids! I just got an email from @Walmart saying something I ordered was delayed and asked to confirm my info, obviously a scam.
One email warns customers an item they bought has no shipping address to send to, and offers a link to fill out personal information.
“You could be asked to fill out information on a form that looks very official and legitimate, but what they’re really doing is capturing something from you. It could be credit card information, it could be in some cases social security numbers. It could be used for ID theft, it could be used to scam you,” Magid says.
Or the scammers could be directing you to a website that has malware and puts what is essentially a virus on your computer, then captures more information and makes you vulnerable to more attacks, he says.
Bao Nguyen, a spokesman for Walmart, says these kinds of emails are common for major retailers at this time of the year.
“We have heard that one such email was recently sent using the Walmart brand,” Bao says. “This clearly has no relation to Walmart and consumers should exercise caution if they receive a message for an order they have never placed. They should never give sensitive personal information in response to an email, text message or letter. It is important that recipients do not click on any links in the email or respond in any way.”
Bao advises customers make sure their anti-virus software is up to date.
Tell tale signs of fraud:
If the url contains extra letters
If the link doesn’t go to the store’s official site
If the email has misspellings
If it’s asking for personal information
Magid advises to never click the link. Instead, go to the store’s website if you’re contacted. And watch out for the next likely scam.
“I wouldn’t be surprised if we see scams related to the Target credit card data breach,” he says. “Again, 40 million people were caught up in that data breach, so it wouldn’t be very hard for a scammer to send an email randomly to everybody.”
Both Wal-Mart and Amazon have sites set up to inform customers about potential phishing scams and what they can do to protect their accounts.