Walmart’s rise to become the brand most likely to be impersonated in Q1 of this year is a real problem.
If you’ve been paying attention to brand impersonation in phishing attacks, you know the premise is to use a brand that a large number of potential victims do business with as a means of both establishing credibility . For many quarters, we continually saw Microsoft and/or Microsoft 365 as the brand of choice due to its wide use. Phishing scams ranged from attempting to take over your computer for “tech support” to spoofing login pages to obtain legitimate Microsoft 365 credentials.
But, according to Check Point’s latest Brand Phishing Report for Q1 of this year, Walmart has risen to the top of the list, representing 16% of all impersonated phishing attacks in Q1. This jump, up from 13th place, demonstrates that attackers are looking for new ways to trick victims into performing the desired malicious action – whether that be clicking a link, opening an attachment, or making a phone call.
We found a recent example of a Walmart-themed email at pcrisk.com where the scam appears to be similar to ones we’ve encountered that were Amazon-themed.
Source: Check Point
The scam makes the recipient think they ordered something rather expensive (that they didn’t actually order), and get them to call the customer service number to trick them into giving up their credit card details.
All it takes to trick someone is the fabricated legitimacy. Seeing that Walmart has not been a large focus for phishing scams to date, it’s newfound popularity could be all that’s needed to trick email recipients into becoming victims.
Here's how it works:
