Wait…I Never Opened an Online Shopping Account at Walmart

Wait…I Never Opened an Online Shopping Account at Walmart

On Thursday morning, I received an e-mail from Walmart.com stating, ‘Congrats on creating your Walmart account.’ It looked legitimate, spot-on actually. I even hovered over the links to see the e-mail addresses to which they are linked — all legitimate, but I didn’t dare click, airing on the side of caution.

The ‘Congrats’ message was sent to a general e-mail to which two of us at Instabill have access, to the attention of someone named ‘Den.’ There is no one at Instabill buy that name, so obviously this raised a red flag.

If this was a con job, it’s the best I’ve seen — and I’ve seen quite a few in my short three years in the payments industry.

It Pays to Have Excellent Support

We’re lucky at Instabill. Recently, we partnered with a new IT firm, Neoscope, that does a lot more than fix bugs in our system; they’re educating us in fraud and cyber crime. So I forwarded the ‘Congrats’ e-mail to my Neoscope colleague, who gave me several explanations:

  1. Someone is messing with us by creating an online shopping account solely to put us on the defensive (it’s worked).
  2. Someone in our company may have actually opened the account, but didn’t explain why or communicate why (after intense interrogation, no one has come forward).
  3. Worse, this could be a precursor to more precarious things to come, like sending us a fraudulent Walmart website login on a malicious domain seeking to steal your favorite password and attempt other harmful things.

I’m fearing the worst and guessing that it is scenario No. 3: A gateway for a fraudster slowly, patiently trying to gain trust and lure my credentials, so that s/he can gain access to personal information, such as the logins and passwords to my LinkedIn, Facebook or any e-commerce retailers with which I might have accounts.

Thank You Walmart — I Didn’t Expect That

I had tweeted about the rogue account last week and tagged Walmart, not thinking much of it. Three days later, I received a Twitter message from a representative with a link to their online customer support. After a 5-minute live chat, the account was deleted. I also received a link to the latest scams Walmart is seeing, which were very fascinating.

Someone is Always Trying to Steal Your Information

That is not an exaggeration.

The value of a consumer’s personal information is worth roughly 10 times the value of a consumer’s credit card information.

Why?

There is a short window to commit credit card fraud because the major issuers have become very good at tracking a consumer’s buying patterns and sending alerts when there are irregularities. When a consumer’s personal information is stolen, the fraudsters can wreak havoc. It’s why hospitals and healthcare providers have huge targets upon them.

The Best Advice for Consumers

Our colleague at NeoScope said it best: A password is like a toothbrush. Choose a good one, and never share it.

We cannot preach this stuff enough:

  • If you don’t recognize an e-mail, such as our ‘new’ Walmart account, delete it. Even better, mark it as spam. Especilly those with suspect attachments.
  • Consumers are still too careless with their passwords. The days of using six and eight character passwords are reckless — passwords with 12-14 characters, a mix of letters, numbers and symbols.
  • We know, you’ll keep forgetting your new password. That’s why consumers need to utilize a password manager program such as KeePassX, LastPass or DashLane, which generate and host all your passwords — accessible with one single password.

Scams and fraud are coming from every direction nowadays. Have you been a victim? We’re curious to hear your story. Leave a comment below.

One Review on Wait…I Never Opened an Online Shopping Account at Walmart

    Today I received this exact same email – also addressed to “Den” actually – and panicked. It was helpful that you posted this as it confirmed that there’s some scam going on. I contacted Walmart and they said they couldn’t delete the account without the full name – which obviously I don’t have. Duh! I’ve reported it to their onine abuse address and hope that nothing worse happens. I just hope it’s only my email address that’s been used fraudulently for a bit of phishing and nothing worse.

Leave a Reply

Your email address will not be published. Required fields are marked *