Walmart.com customers are being flooded with repetitive emails urging them to reset their passwords in what looks to be a phishing attack, BGR has reported, based on a series of complaints recently made on social media.
In an unusual twist, the emails do not appear to come from an external party pretending to be the retailer, but rather from a legitimate Walmart.com address. The password reset page that the email links to also looks genuine. Regardless, the unusual, spam-like behavior of the campaign suggests that a bad actor is attempting to steal users’ credentials during the reset process.
While the exact nature of this apparent hack remains in question, a report by Android Origin theorizes that either a “very clever hacker is trying to kill Walmart’s email servers” or a former employee who still has access to Walmart.com’s email system may be trying to pull off a scheme.