A new scam targeting Walmart customers is using fake shopping lists and malicious customer service numbers to defraud victims, leading to threats of arrest and demands for money transfers via Bitcoin. This scam exploits Walmart's legitimate “Lists” feature, deceiving customers through Google ads that appear to direct them to the official Walmart website but instead lead to a fake customer service interaction.
The scam, discovered and reported by Malwarebytes, begins when victims search for Walmart's customer service number on Google. The top search result, a sponsored Google ad, appears to show Walmart's official website URL, but clicking it brings users to a malicious shopping list created by scammers. These lists feature fake Walmart customer service details, including a fraudulent phone number. Once a victim calls the number, they are connected to a call center, often in Asia, where scammers impersonate Walmart representatives and escalate the fraud.
Malwarebytes
Scammers use a well-rehearsed routine to frighten victims, claiming that suspicious activity has taken place on their Walmart accounts, such as large purchases or illegal transactions. Victims are then told they are under investigation for money laundering or transferring funds to criminal organizations. To resolve the issue, they are pressured to provide sensitive information like banking details or Social Security numbers, and eventually, they are coerced into withdrawing funds from their accounts and transferring them to a Bitcoin wallet controlled by the scammers.
Exploiting Walmart Lists
Walmart, a multinational retail corporation and one of the world's largest companies, offers a feature called “Lists,” which allows customers to create and share virtual shopping lists. While this tool is generally harmless, it has been weaponized in this scam. Scammers create multiple Walmart accounts, populate lists with fake contact information, and use these lists as landing pages for Google ads, evading detection because the links technically direct users to Walmart's legitimate site.
Malwarebytes
Victims of this scam experience a multi-step interaction with a series of scammers playing different roles, including a fake Walmart customer service representative, a supervisor, a bank employee, and even a false Federal Trade Commission (FTC) investigator. Each character is used to build the narrative of legal trouble and further intimidate the victim into compliance. One victim was told that their identity had been used to launder money through countries like Colombia and Mexico, with the threat of an active arrest warrant if they did not comply.
How to protect yourself
Internet users should be cautious with Google ads, as scammers often use ads that appear at the top of search results. Verify contact details directly through official websites instead of clicking on ads. Ideally, use ad-blockers that will hide these promoted results from search results.
Also, keep in mind that legitimate companies will never threaten arrest over the phone. Be suspicious of high-pressure demands to act quickly, as those are typical of efforts to make the victim drop their defenses and fall for scams.
Even if you're on an official website, confirm the authenticity of customer service details before sharing personal information, as websites often carry vulnerabilities and can be compromised by threat actors.
Mysterious “Noise Storms” Have Been Hitting the Internet Since 2020
Leave a Reply