• Text Only
Thanks for the heads up. I just logged in and deleted my payment method. How frustrating! You would think that it would be incredibly stupid to order a laptop on someone else's card and ship it to yourself! Did you happen to save the address they were shipping it to? I got one of these emails from Paypal a couple months ago and it scared the crap out of me.

I thought I had been hacked earlier today, but it turns out I was probably just caught in the middle of someone else's misfortune.

I got an order confirmation and pickup reminder from WalMart around noon. As soon as I got them, I checked my WalMart account, but there was no record of any orders (don't worry: I didn't click any links in the email to get to my account). So I assumed it was just a phishing attempt. The email looked legitimate enough, though, so I checked it more closely and noticed there was a dot in my email address. So I'm guessing the scammer tried using my email address while ordering as a guest but got an error saying the address was in use, so he added a dot. Sure enough, I tried tracking the order with the dot in my email and the last six digits of the order number, and it showed up as a legitimate order.

The name of the person who ordered, the designated pickup person and the cardholder are all different. The card belongs to someone in CA, but the pickup is in IL.

I emailed WalMart about it, but I'm sure I won't hear back until tomorrow. I've checked all of my credit cards and bank accounts, as well as those of my wife, and nothing has been compromised. In the end the most disturbing part of the story is how he chose my email address to send confirmation to, but the more I think about it, it could simply have been a typo and not purposeful. The cardholder and I share a last name (a very common one) that is part of my email address, and our first names start one letter apart on the keyboard.

Anyway, I changed my password at WalMart.com, and much to my surprise, they had saved my AMEX as a payment method. I have only made one order from WalMart.com in my life and never purposely saved anything for future use. I deleted it, but I'm sure it's still floating around in there somewhere. The most likely fraudulent order in question was charged to a MasterCard that does not belong to me, and there is no unusual activity on my AMEX.

I'm pretty sure I've done all I can. I feel sorry for whoever is left holding the bag, but WalMart certainly does not make it easy to report suspected fraud. In the end I don't even know for sure if it was fraud, but it certainly looks suspicious. Regardless, I have to say†it's a pretty unnerving experience even when it turns out you weren't compromised in the end.

At this point, seeing as how WalMart is still doing nothing and denying causation, it would be wise to inform the business mags/newspapers and local newspapers to see if they will cover it. Especially since that AMEX representative already knew about the hacking (referring to dollarshort's post).

I know fw'ers don't like putting their names and stories out there in the public domain, but something really has to be done.†​If enough victims came forward maybe it would start the snowball.

I wasn't hacked and can't relay an experience, but I emailed Shelly Banjo of the WSJ a few months back,†Shelly.Banjo@WSJ.com


Another brief thought on security at WalMart.com: They have actually weakened their password policy in the past year. They used to allow 12-character passwords, but the limit is now 11. I had to shorten my password when I changed it. At least they still allow symbols.

I was hacked yesterday,it's been over 3 years since I made a purchase from WalMart.com, so the jerks changed the address and payment information on my account. They now know where I live. They purchased 2 emailed subscriptions for boost mobile and cricket but used my email address, a different address and credit card. I have put a freeze on my credit,but now I fear they know too much about me. I don't remember if I clicked on the phishing email or searched for WalMart on a search engine, but everytime I scan my computer it says it is clean. ???. I was in a fog and now I don't remember if I clicked on those links in my email.

vintagefreak4u said:   I was hacked yesterday,it's been over 3 years since I made a purchase from WalMart.com, so the jerks changed the address and payment information on my account. They now know where I live. They purchased 2 emailed subscriptions for boost mobile and cricket but used my email address, a different address and credit card. I have put a freeze on my credit,but now I fear they know too much about me. I don't remember if I clicked on the phishing email or searched for WalMart on a search engine, but everytime I scan my computer it says it is clean. ???. I was in a fog and now I don't remember if I clicked on those links in my email.
† They don't get the info from anything you click they somehow gain access to Wa1mart accounts without the victim having done anything except not knowing that Wa1mart automatically stores credit card information without asking. So if anyone reading this orders from Wa1mart in the future use Paypal or if you use a credit card delete it from your account profile as soon as your order is paid for.†

I officially hate WalMart for not caring and being oblivious to their customers' safety...those scumbags now have access to where I reside and can do more harm with my information. I did not have credit card on my WalMart account...now that I think about it, I don't remember signing up for an account, I usually use guest checkout and don't even bother saving my information on consumer websites unless I frequent a particular store often.

Just got an order confirmation email from WalMart, someone was getting a new laptop. Only they didn't have it shipped, they did a site to store pickup for tomorrow morning. Got the order cancelled and changed my password. Called the store and they will be on the lookout for someone picking that order up. Craziness.

I didn't read through the whole thread, but my account was hacked 2 years ago and someone ordered a Laptop site to store and then did a seperate order for a TV to their house(I assume). I didn't notice the order, because I no longer used the email address affiliated with the account, until it had already been shipped and received. Once I got my statement, I called Wal-Mart, they were unwilling to help whatsoever. I did a chargeback with my bank, and after 2 months, I finally "won" and got my money back. Then 6 months later Wal-Mart appealed the decision I guess? So I had to file another chargeback request with basically an essay claiming I didn't make the order. I finally "won" after a total of 10 months.

It was such a pain and when speaking to their fraud department, they kept insisting I made the order even though I'm in Georgia and the order was shipped to Pennsylvania. Can they not check IPs?

They could check IP, but they first have to implement a policy that forces customers to place all orders from the vicinity of their home. There was an article just yesterday about online retailers contemplating this. But it'll only be an annoyance to both, customers and fraudsters.

Brief update on a post I made a few months ago:

The crooks must have set up an actual account using an errant dot in my email address, so I keep getting updated on their nefarious deeds. Most recent was an unlocked iPhone 5 billed to a poor woman in Alaska, picked up in Indiana. As before, there were 3 completely different names on the order (i.e. account holder, CC holder, authorized pickup person were all different).

At the end of last month they got an all-in-one computer. This time the CC holder was in CA and pickup was again in IN. The only name I recognized from before was the WalMart.com account owner, and as before there were two other different names on the order. So far they have burned through three presumably stolen CC's.

Every order has been site-to-store, and they pick them up as soon as they are ready.

I tried contacting WalMart to let them know what was going on, just to give a friendly heads-up. In response they acted as if I were somehow doing something wrong, so I just let it go. As long as they're making money, they don't care about alleged criminal activity.

Often it is safer not to be a good Samaritan, so I'm going to stay out of it. Never shopping at WalMart again, though. It's way too risky.

You mean never shopping on WalMart.com, right? Shopping at WalMart B&M isn't more risky than anywhere else.

If you have any eGift cards stored in your WalMart.com account, you can use them to buy a physical gift card, for the exact amount, down to the cent, with free shipping. That's better than just deleting them and keeping them in your records, because the physical gift card is easier to use at a WalMart B&M.

TrentSteel said:   Brief update on a post I made a few months ago:

The crooks must have set up an actual account using an errant dot in my email address, so I keep getting updated on their nefarious deeds. Most recent was an unlocked iPhone 5 billed to a poor woman in Alaska, picked up in Indiana. As before, there were 3 completely different names on the order (i.e. account holder, CC holder, authorized pickup person were all different).

At the end of last month they got an all-in-one computer. This time the CC holder was in CA and pickup was again in IN. The only name I recognized from before was the WalMart.com account owner, and as before there were two other different names on the order. So far they have burned through three presumably stolen CC's.

Every order has been site-to-store, and they pick them up as soon as they are ready.

I tried contacting WalMart to let them know what was going on, just to give a friendly heads-up. In response they acted as if I were somehow doing something wrong, so I just let it go. As long as they're making money, they don't care about alleged criminal activity.

Often it is safer not to be a good Samaritan, so I'm going to stay out of it. Never shopping at WalMart again, though. It's way too risky.

††If I were you I would file a police report.† Otherwise you might get accused of being an accomplice to the fraud.

Ok, I got a possible phishing email this morning at one of my spare email address that I did use at WalMart.com once.

It's the same email as mentioned here: https://www.facebook.com/walmart/posts/10200599635245582

The link in the email does seems legit and that's where my confusion comes from. How does it this scam work?

Are you saying the link destination is legit? If so, probably dumb criminals forgot to change it before sending it.

scripta said:   Are you saying the link destination is legit? If so, probably dumb criminals forgot to change it before sending it.
††Well, the plot thickens.† Got another email with no link stating that last email is legit which I am suspecting that it is.† But they didn't lock down the account as stated in the 1st email.† Terrible and inconsistent way of handling a breach.† Send another email from the website.. will update if I get a response.

WalMart.com is pathetic. Password 6-11 characters? I think that's the lowest character max I've seen... and IMO no website should be limiting passwords to less than 64 characters.

Password length isn't important if they're properly stored on the server, and you need the login ID or email address before you can even start. This info is much easier and cheaper to phish than to crack.

elaye said:   WalMart.com is pathetic. Password 6-11 characters? I think that's the lowest character max I've seen... and IMO no website should be limiting passwords to less than 64 characters.
† To be fair, eBay and Amazon password standard is even less.

Everything still points to an internal breach since I haven't logged on to WalMart.com in ages and there's in indication that any of my other online accounts are compromised. †I now do notice they removed any stored payment info off my account though. †Funny, if you read that email linked about by WalMart they specifically pointed to everything else (virus, key logger, etc) and said it's not something on their end. †My expereicne is very similiar to other posted above except I haven't yet see anyone using my CC.

WalMart email said: †We have investigated this issue and have found no indication of a security breach in our systems. Itís possible that someone obtained your account information through a phishing scam, malware on your computer or another outside source.Seriously?!

Yesterday someone must have hacked my WalMart account but boy were they stooooopid, They order an item (Samsung Galaxy S4) for STORE PICKUP. First thing was that if they pick it up they need the original credit card PLUS they have to show up in person with an ID. I am in New Jersey and they purchased it for pickup in ALABAMA. Second thing was they used the CC AND EMAIL that was on my account (didn't change the email). Minutes after the order was placed I got a "your order is ready for pickup" email.

I immediately called Amex and then the WalMart on the confirmation and told them whoever attempts to pick it up is a thief. 20 minutes later I got an email from WalMart saying the order was canceled. I wonder if they busted them.

Same thing happened a few months ago with my Best Buy account except they ordered the item for next-day shipment and not store pick up. I immediately called BB and they simply didn't give a sh1t. The item was actually shipped and delivered to some Italian restaurant (looked it up on Google Earth) outside of Dayton OH. Not my worry.

Happened to me just like that on Dec 7th.... I have the name of a pick up person in the state they tried to pick up a laptop in but no one at WalMart will give me info to prosecute or even investigate. †I guess because there was not enough money on my card they get a free ticket to try again...this is sad, and i cant even get the call from WalMart like i was promised... SMH

catsinthebag said:   Happened to me just like that on Dec 7th.... I have the name of a pick up person in the state they tried to pick up a laptop in but no one at WalMart will give me info to prosecute or even investigate. †I guess because there was not enough money on my card they get a free ticket to try again...this is sad, and i cant even get the call from WalMart like i was promised... SMH
††
The dumb part was they used MY NAME for the pickup.

Saw this post yesterday and logged into my WalMart account to delete any stored CCs. If anyone tried to use mine they were in for a surprise....there were about 15 Amex cards stored there and I vaguely remember having a bunch of $10 prepaid AMEX from some promotion years ago.



Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.

Thanks for visiting FatWallet.com. Join for free to remove this ad.

TRUSTe online privacy certification

While FatWallet makes every effort to post correct information, offers are subject to change without notice.
Some exclusions may apply based upon merchant policies.
© 1999-2014