Crooks Use Sam's Club Name in Phishing Email Scam Scams & Fraud

Crooks Commandeer Sam' s Club Name to Send Scam Emails

Warehouse club among hundreds of big brands hijacked by phishing fraudsters this year

Getty Images Scam emails supposedly from Sam’s Club recently have wormed their way into inboxes across the country. One of the fake messages invites consumers to answer a bogus 30-second survey for a chance to win a $1, 300 Apple laptop or other prize.
After three emails that highjacked the warehouse retailer’s name were shown to Sam’s Club, spokesperson Erin Hulliberger told AARP that the company had not sent them. The big-box store sends emails only from addresses ending with “@SamsClub.com,” she said. The emails shown to Sam’s Club, which were sent in September and October, came from different email accounts from impostors . The messages were phishing emails, Hulliberger said, so recipients should report them and , out of caution, change their Sam’s Club password. In a phishing attack, cybercriminals try to grab people’s sensitive data by using fraudulent solicitations in emails and on websites. Typically, the crooks masquerade as a representative of a legitimate business or pose as a reputable person, launching thousands of phishing attacks every day — “and they’re often successful,” the Federal Trade Commission (FTC) warns. The agency is among entities tracking what one outside expert characterized as a growing global threat. Here’s on staying safe.

500 brands phished in May

A record-breaking 500 consumer brands were hit by phishing attacks in May, according to an international trade group, the Anti-Phishing Working Group (APWG), which tabulates reports and tracks the attacked brands. It does not publicize the brands , so bad actors can’t detect which of their illicit emails bypassed security protocols. Experts say that if you receive a suspicious email, just hit delete. Equally important : Never click a hyperlink or open an attachment in a sketchy email or interact with the sender in any way. , and are a few of the well-known companies that have fought bogus emails or websites. Well-known brands also contend with scam phone calls and fake texts, mobile apps, social media posts, special offers and coupons. AARP This phishing email — not actually from Sam’s Club — was sent to an AARP member in October. Experts say hundreds of brands are featured in scam emails like these, and they should be deleted.

Large-scale scourge

Sam’s Club has 599 stores in 44 states and Puerto Rico, its corporate parent, Walmart, s tated in its last annual report. Sam’s Club has seen no indication that its computer systems have been infiltrated or that it suffered a data breach, according to Hulliberger. When the company contacts consumers , it never asks for a credit card number, so consumers should not reveal theirs, she added. The top methods of contact in frauds reported to the FTC in recent years have been, in descending order, phone calls, texts and emails. Though in third place, illicit emails trigger big losses: $149 million during the first half of 2021, which put losses on pace to exceed the $252 million lost in all of 2020 and $226 million in 2019. After the record-setting number of brand attacks in May, the number dipped to 495 in June, the Cambridge, Massachusetts–based APWG s tated in . Meantime , in June , 222,127 unique phishing websites were reported , along with 9,669 unique phishing email subject lines, the consortium said. The APWG has members from governments, law enforcement and other entities in about 140 countries, but most of its phishing reports come from the U.S., said Peter Cassidy, its cofounder and secretary -general. To report a phished email, contact:
• The Anti-Phishing Working Group at • The Federal Trade Commission at To report a phished text message, the Federal Communications Commission advises alerting your wireless service provider by forwarding the text to SPAM (7726).

Be vigilant as holidays near

The upcoming holidays require vigilance , since the pandemic has triggered a huge uptick in e-commerce, Cassidy said. COVID-19 has conditioned consumers to be comfortable with online retail and digital payments , so “phishing gangs will be using that comfort and familiarity to their advantage .” Addressing the phish ing emails purportedly from Sam’s Club, Cassidy said that on their face , they were unremarkable — the “same old, same old” pitches that have long bedeviled consumers. Phished “Sam’s Club” emails don’t seem to be among cybercrooks’ “perennial favorites,” he added. Still, it’s what happens when you respond to a phish ing email that causes problems, Cassidy warned. Does a fraudster in a follow-up call try to wheedle information out of you? Does a link take you to a malicious website? The anti-phishing group warns that technical subterfuge can play a role in phishing attacks , as bad actors try to plant malicious software onto computer devices to steal consumer s' credentials. Often they misdirect consumers to counterfeit websites to intercept sensitive information.

Join today and save 25% off the standard annual rate. Get instant access to discounts, programs, services, and the information you need to benefit every area of your life.

Financial institutions are top target

National brands are vulnerable because they are known and trusted, Cassidy said. Financial institutions were the hardest -hit sector, the target of 29 percent of phishing attacks from April through June of this year, according to the APWG. Rounding out the top five sectors were social media sites (15 percent of attacks), digital -payment sites (12 percent), email and cloud-based software service providers (9 percent) , and retail and e-commerce sites (8 percent). Also worrisome is that the cryptocurrency industry , including exchanges and wallet providers , was the sixth -most-often -hit sector, the target of 7.5 percent of attacks in the second quarter of the year (up from 2 percent in the first quarter ). Observing that cybercrime ignores country borders, Cassidy said gangs across the world can easily obtain huge lists of emails, steal company logos and masquerade as legit businesses. So, remember, if you are asked in a questionable email to take a survey or click a link, do not, Cassidy stressed. No purported reward or prize is worth the trouble that could result. Likewise, delete emails from entities that you do business with but that do not normally reach out in electronic messages. Instead , contact the company through a secure method , like a phone number from a statement , to investigate what’s been presented. “Be thoughtful about every inbound communication,” Cassidy said. “The most effective email attacks are against people who are really customers of an organization or a company.” As for the phish ing emails supposedly from Sam’s Club, the recipients aren’t members. And , no, they didn’t engage. Instead, they unleashed a not-so-secret weapon: the delete key.

How to Identify Fake Emails

Katherine Skiba covers scams and fraud for AARP. Previously she was a reporter with the Chicago Tribune, U.S. News & World Report, and the Milwaukee Journal Sentinel. She was a recipient of Harvard University's Nieman Fellowship and is the author of the book, Sister in the Band of Brothers: Embedded with the 101st Airborne in Iraq. can help you spot and avoid scams. Sign up for free , review our , or call our toll-free at 877-908-3360 if you or a loved one suspect you’ve been a victim.

More on Scams and Fraud​ br

Cancel You are leaving AARP.org and going to the website of our trusted provider. The provider’s terms, conditions and policies apply. Please return to AARP.org to learn more about other benefits. Your email address is now confirmed. You'll start receiving the latest news, benefits, events, and programs related to AARP's mission to empower people to choose how they live as they age. You can also by updating your account at anytime. You will be asked to register or log in. Cancel Offer Details Disclosures

Close In the next 24 hours, you will receive an email to confirm your subscription to receive emails related to AARP volunteering. Once you confirm that subscription, you will regularly receive communications related to AARP volunteering. In the meantime, please feel free to search for ways to make a difference in your community at Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.