Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

Jump To: Example    Detailed Analysis   Comments   References

Fake Walmart 'Order Details' Email Opens Malware Website


Outline

Email purporting to be from Walmart claims that you can click a link to read more information about a recent order.

Outlook malware
© Depositphotos.com/ Wavebreakmedia

Brief Analysis

The email is a scam. It is not from Walmart. Clicking the link opens a website that contains malware. This attack is very similar to another malware campaign in which bogus emails claim to be from Costco.

Example


Detailed Analysis

'Walmart' Email Claims to Contain Order Details

This email, which claims to be from retail giant Walmart, advises that your order is ready to be picked up at any local store. It invites you to click a link to find out more information about the supposed order.

Email is Not From Walmart - Link Opens Malware Website

However, the email is not from Walmart and has nothing to do with any order you have made. The goal of the email is simply to trick you into clicking the link.

If you receive this email, you may be concerned that fraudulent purchases have been made in your name and click the link in the hope of finding out more details.

Or, perhaps you really did purchase products via Walmart and click the link in the belief that you can check the status of your expected orders.

But, in fact, the link opens a compromised website that harbours malware. In some versions, the malicious download may start automatically. In other cases, a notice on the website may instruct you to download a file to view the order information.

Generally, the download will be a .zip file that contains a .exe file inside. Clicking the .exe file will install the malware on your computer.

The exact malware payload delivered in such attacks may vary. But, typically, such malware can collect sensitive information from your computer and send it to criminals. It may also download further malware and allow criminals to take control of your computer.

Costco Version Also Being Distributed

This attack closely mirrors another current malware campaign that uses emails that falsely claim to be from Costco. Again, the email claims that you can get information about recent purchase by clicking a link. Clicking downloads a .zip file that contains malware.

In fact, fake order emails are a very common means of distributing malware. And, as Christmas approaches, criminals tend to ramp up their efforts to infect your computer and steal your money.




© Depositphotos.com/ maxkabakov


Last updated: December 2, 2014
First published: December 2, 2014
By Brett M. Christensen
About Hoax-Slayer

References
Fake Costco Order Notification Leads to Malware
Amazon 'Order Details' Malware Email
Watch Out For These 6 Christmas Internet Scams