So I was surprised to find, when shopping online on Walmart, that there was already an account with my email. I couldn’t recall having made such an account, but then figured it must have slipped my memory - I’ve got numerous accounts on numerous websites for online shopping and whatnot.
I then ordered some clothing online on Walmart, and entered my credit card info, and completed the purchase…only to notice that the “Thank you (Mysterious Shopper’s Name) for your purchase” was…not my name. It was someone else’s name entirely.
I entered the name on Google to search, and other people online complained about the same - someone had made accounts in their name with (Mysterious Shopper’s Name).
I had input not only credit card info, but home address, email, phone etc…
So you discovered there was already an account with your email. But surely this account has a password. How did you get into the account? Did you do a password reset via your email? Unless this person has compromised your email access, in which case you have much bigger problems, haven’t you shut them out of the Walmart account by assigning a new password?
Good point. I suggest you immediately change your email password as well, just in case that other person has hacked your e-mail. There is a fair chance of that: otherwise how could someone else create an account at your e-mail address?
Just to be sure: I suggest you change your e-mail password again from what it is currently. It appears your e-mail might have been hacked already, and if you do not change it, it is possible the culprit changes it for you and you lose access to your e-mail and are unable to reclaim control of accounts using that e-mail.
I’m not really sure what the scammer’s plan was here. Even if they could get into your Walmart account somehow after you entered credit card details, stored credit card details are never displayed in full, and these days it’s universal practice to require you to reenter at least the CCV number if you request delivery of goods to a novel address. I guess they could see your street address, but it’s not as though you’re entering your social security number into a Walmart account.
I don’t think the existence of this Walmart account implies they have access to your email. That makes little sense. If they have access to your email, why set up a Walmart account and just wait on the random chance that you might one day buy something from Walmart?
I agree, the scammer’s actions are rather baffling. However, the fact that the Walmart account was set up and that Velocity apparently didn’t receive any e-mails about it in the past suggests that these e-mails were intercepted by the scammer. That’s why I think there is indeed a chance that the e-mail was hacked. True, it is only a probability, but it seems better to be safe than sorry.
Scammers are odd. Years ago I learned my e-mail was hacked because the scammer sent spam from my email to another e-mail account of mine. If he hadn’t done that, I’d never have known I’d been hacked.
This is why I suggest using MFA for every account you can. For example, Amazon and Google/Gmail both do (I assume Walmart will as well). Then scammers not only need your password, but also your MFA method. Some MFA methods are better than others, but they are all better than none.
If you haven’t enabled MFA on your retirement and financial accounts, do it now. Most are now requiring it by default, but not all yet.
You should contact your bank and the fraud department at Walmart and tell them what has happened. They need to know so they can watch for any suspicious activity involving these accounts.
For those who are wondering why they have to get a Master of Fine Arts degree to safeguard their online accounts and how such a degree would actually help, you should know that in THIS case, the acronym refers to Multi Factor Authorization.
It seems likely to me that the bank will just cancel the card and issue a new one, rather than putting any additional effort into watching for fraudulent transactions.
LOL! Thanks for explaining the acronym. I live in an environment of non-stop acronyms, almost as bad as the military, and often forget to explain them.
Did the Mysterious Shopper have an address on file and set to the default? If so, maybe they just hoped that some number of people would order an item without looking at the destination and have it delivered there. If they can hack a large number of accounts, they only need to get lucky a small fraction of the time for it to pay off.
I’d agree that this doesn’t imply they have access to your email, nor do they likely know your CC#. Vendors generally hide that information on the profile.