Walmart customers have been receiving unsolicited password recovery emails pop-ups in their inboxes. And Walmart is warning its customers that something phishy is going on. Walmart believes the emails are an advanced operation to an ambitious phishing attack on Walmart users.
A Walmart spokesperson confirmed an increase in password recovery emails from someone. Walmart doesn’t believe any accounts have been compromised…yet. Walmart thinks that a hacker or hackers are using Walmart’s password recovery system to prepare for a future phishing attack.
Walmart’s password recovery system works is like most others; the user enters an email address, and the system sends a recovery code to that email address. However, unlike some others, Walmart’s system will actually confirm if there is a Walmart account associated with that email.
A spokesperson for Walmart said; “The hackers are likely using the system to validate emails, confirm whether they have a Walmart account. They are probably preparing for a future phishing attack.”
If a hacker can verify that an email address does have a Walmart account they can create a fake or replica email that appears to come Walmart. The email asks the user to click on a link and log in with their ID. Once they do the hacker captures their username and password allowing them to access the Walmart account.
Walmart customer are warned to be extremely careful if you recieve such and email because they are coming from a legitimate Walmart.com email account. The best measure you can take is to change your Walmart password and maybe the email on the account and keep a close eye on your credit card.