Cybercriminals are trying to harvest social security numbers and other data

May 1, 2014 09:25 GMT  ·  By

Experts have spotted a new type of emails designed to lure unsuspecting Internet users to a phishing website. The messages purport to come from Walmart and they inform recipients of unclaimed vouchers.

The emails carry the subject line “Your Walmart Voucher” and they read something like this:

“Our Walmart reward server has identified this email to have 500 dollars worth of unclaimed walmart vouchers. It has been difficult to send this vouchers to you because you have not confirmed your records correctly on our server.

Please, carefully follow the link below and fill in all fields correctly to have your vouchers posted to your mailbox. [Link]”

Interestingly, the emails are signed with “Tesco Personal Finance.” This might indicate that similar emails are also sent out to Tesco customers, but the scammers have neglected to change the signature when they sent out the bogus Walmart emails.

As you might have guessed, the link doesn’t point to a Walmart website. According to Hoax Slayer, it leads victims to a phishing website where they’re asked to enter their name, address, social security number, email address and phone number.

Once the information is handed over to the fraudsters, users are told that their vouchers will be sent by mail in the upcoming days.

Of course, no one ever gets the vouchers because this is nothing but a scam. The cybercriminals can use the harvested information to commit identity theft and financial fraud.

As Hoax Slayer highlights, those who fall victim to such scams will likely receive other scammy notifications in the future. Furthermore, since they have the targeted individual’s personal details, the fraudsters can create emails that look more legitimate.

Many retailers inform their customers of promotions via email, but they’ll never ask you to hand over sensitive information like social security numbers, passwords, payment card data or PINs.

If you’re already a victim of such a scheme, you must take certain actions depending on the information you’ve handed over. If you’ve entered your password on a phishing site, you must change it as soon as possible.

If you’ve provided any financial information, you must keep a close eye on your bank account. It might also be wise to contact your financial institution and ask them to take the appropriate measures.

If you fear that you could become a victim of identity theft, check out the FTC’s advisory on the subject.