June 1, 2021
A Walmart phishing campaign masquerades as a retailer, trying to steal users’ personal information while checking their emails to verify them for future attacks such as identity theft and spear-phishing.
The email, which has the subject “Your Package delivery Problem Notification lD #,” asks users to update the address at the end of the message, which says: “Unfortunately we were not able to deliver your postal package in time because your address is not correct. Please reply us with the correct shipping address”.
After clicking on the ‘update address’ button, the phishing email automatically generates a new email with the subject ‘Update my Address!’ that will be sent to various emails under the control of the fraudster.
Users are asked to send their e-mail address to the spammer posing as Walmart.
Users are advised not to click on suspicious links, but to go to the domain of the main page for confirmation purposes.
For more information, read the original story in Bleeping Computer.
