In checking the inbox of a seldom used but vital email account today I came across an email that read:
”Welcome to Walmart. Your new online account is ready.” It appears to have been sent about 2 weeks ago. Clicking on the link in the email pulled up an account listed under the email in question along with a blank password field. Of course I didn’t attempt to enter the unknown account. I have for years had a Walmart account under a different commonly used email and haven’t noticed any issues. I rarely use it anymore as their shipping isn’t reliable.
Next, I logged into the older established account and attempted to “chat” with an agent. When I informed their AI it was a security issue I was directed to phone a number. When I phoned the number the new AI told me I couldn’t speak to anyone regarding account security until I had changed my account password. I not only changed the Walmart password, but did so at the 2 email providers as well. Then I phoned back and my case was at least listened to by an agent. I said the second account might be fraudulent, was unwanted, and requested it be shut down. That was refused. He did say he would kick the issue higher up the security chain and I would hear back. I do have both Norton security running and also am a subscriber to Identity Guard. Neither showed any suspicious activity when I logged in later in the day.
The “kicker” here is that this second account could be the result of an innocent error / misunderstanding. I may have used the second email at one of their stores or possibly online and they may have been duped into establishing an account under it. Having used their pharmacy in the past and their vision center I can conceive of how they might have gotten hold of that second email. Walmart? They are like a leech following you around. I shop at a local store and pay with a CC. When I go online to buy something … up pops detailed description every damn product ever purchased with credit / debit card in their retail stores going back many years … from canned beans to shoe laces to wine. Doesn’t seem right! Once I get to the bottom of this issue I will close out the online account. Paying with cash at their stores is a possibility - even a likelihood.
Rambling thought - Is perhaps the popularity of digital accounts (Bitcoin, etc.) due to their not being traceable by merchants the way credit card / bank cards are? Err … Should I setup Apple Pay?
PS - I was victimized by identity theft 15 years ago. It was discovered when Pay Pal contacted me about having duplicate accounts with them. So these things do happen.
Comments
I called. They had switched to a different suck-puke software provider, and neither they nor I had any inkling that this junk would be automatically sent to clients. When I called, they told me to ignore it. Might this apply in your case?
These outfits need to be regulated, policed, shut-down and prohibited from doing such crap.
I don’t want to enter any credentials or attempt a password reset to check it out further. So, to misquote Vonnegut, “There it sits. There it sits ...” Walmart hasn’t responded to my phone inquiry, except to ask me (using the former account) to rate their phone rep from 0-10. I gave him a 0 and added a note that the new account under a different email address is unauthorized, may be malicious and they should delete it and investigate.
Damn. I’m beginning to think it was a fishing expedition. They somehow got a hold of my alternate email address and were trolling me. It sucks either way. They are losing an occasional online customer here and I shall begin exploring ways to purchase at retail locations w/o divulging any personal information. If they are allowed, however, to use facial recognition, any sense of privacy is illusionary.
Technology is advancing faster than any of us can keep up with. Brings to mind the old line: “If you’re sitting at a poker table and haven’t figured out who the mark is in 5 minutes, it’s you.”
No knowing what email program you use, but there are methods to 'see' who/what sent the email (their domain). A word search for a method should be able to be discovered with a search.
We receive our share of 'phishing emails'...PayPal, etc. I check the mail header for more than one email sender and IP address. These can be readily searched. It's not uncommon to find 'foreign' IP's......as with 'RU' in the sender email address, for Russia, etc.
--- A "Malwarebytes Walmart account phishing email" is not a single, defined scam, but a potential combination of two separate scams: a Walmart phishing email, and a fake Malwarebytes billing/renewal email. A scam email may impersonate either brand to trick you, so it's crucial to look for red flags in the sender's address, check for inconsistent branding or pricing, and be cautious about any unsolicited emails demanding personal information or payment.
How to spot the scam
Sender's email address: Check if the email address is from a legitimate domain, like walmart.com or malwarebytes.com. Scammers often use slightly altered versions or generic addresses.
Generic greetings: Scammers often use generic greetings like "Dear Customer" instead of your name.
Urgency and threats: The email may threaten to suspend your account or claim there's a problem with your payment to pressure you into acting quickly.
Spelling and grammar errors: While some phishing emails are sophisticated, many still contain spelling and grammatical mistakes.
Suspicious links: Hover your cursor over any links to see the true destination. If it doesn't match the expected URL, it's likely a phishing link.
Inconsistent information: Be suspicious of emails with incorrect pricing, support hours, or other details that don't seem right.
What to do if you receive a suspicious email
Do not click: Do not click on any links or download any attachments in the email.
Report it: Report the email as spam or phishing through your email provider to help them block future scams.
Contact the company directly: If you are concerned about your account, visit the official website or call the customer service number listed on their official site, not the number in the email.
Delete it: Once you've identified it as a scam, delete the email and empty your trash.
Change your passwords: If you accidentally clicked a link or entered your information on a fake site, immediately change your password for that account and any other accounts that use the same password.
Dangerous new world!
Great advice @Catch22. Thanks. Busy preparing for travel. But will do what I can in spare time and while on the road. Thanks again.
I have all of my credit agencies frozen. I believe that would prevent a scammer from creating a real account under your SSN. You could try logging in to Experian, or one of the others, and see if this "new" account even exists under your SSN. You may need to create an Experian account to do this. But, you also need an account set up to freeze your credit. Which I highly recommend. It doesn't take that long to do.
I personally don't use Apple Mail but this is a great tip for those that do!
One issue is all the promotional garbage Walmart floods the mailbox with. I usually go through every couple weeks & toss it directly in the trash w/o even opening it or looking closely. The first sign of an issue was that the email surfaced in a different mail provider’s inbox. Even with Apple mail, the emails are bundled under the provider’s domain. I’m sure it’s something recent because I’d have caught it earlier.
Pity many with less experience or the help this forum provides. You could lose a fortune. Plenty of stories testify to that.
As I'm certain that you know, Apple Mail is set up by the user, who creates "mailboxes" (simply another concept of "folders") and provides the email app with the instructions as to what email addresses are to go into the various mailboxes. Any "bundling" that Apple Mail does will be determined by those instructions. Any email received from an address which has not been given instructions will go to the default "Inbox", or possibly to the "Junk: mailbox.
Any other "bundling" is most likely happening at your email provider.
“This is a system generated message … We are unable to send your email as one or more of its attachments may be corrupted or may contain malicious content. (in reply to end of DATA command)”
That has never happened in the near 25 years I’ve used the app.
However, if I leave the “Include contact photos” box unchecked the backup goes through without a problem. I’m not even aware of what “contact photos” are - so not being able to send them is no big deal.
Also, when I utilize DejaOffice’s alternative backup option, “Save to Dropbox” everything goes through without issue. So Apple’s email system is flagging something suspicious that Drop Box is missing.
Another oddity,: I pulled up a 6-8 week old backup saved before this all began. Used it to replace the existing DejaOffice files. Then, when I tried to “save” the file it generated the same warning.
I’ve tried deleting the DejaOffice app and then reloading it .. then refreshed it with what I believe to be “clean” backup files. Didn’t resolve issue.
Apple perhaps scans all their mail app’s “in-boxes” when you try to mail a file backup like Deja and may have detected that fake WalMart message (now 2 messages). I’ll need to carefully trash it (them) when have time to do it correctly and not make things worse..
Yikes!