Phishing scams targeting Sam's Club consumers with fictitious $100 reward offers

Recently, Dennis and Carole contacted us to alert us about a dubious email that purported to be offering a $100 Sam's Club incentive.

 "My wife fell for the fraud and started the free gift offer when we received this yesterday.  Other than email, no credit card was transferred," Dennis stated.

 With the official Sam's Club emblem at the top, the email had a polished appearance.  "YOUR OPINION IS IMPORTANT," it said.  exclusive.  A $100 REWARD IS YOURS.  The recipient was then prompted to "Claim your $100 reward by completing a brief survey."  To get started, click the button below. "GET STARTED NOW!" is written on a bold black button.

Despite no credit card being entered, the couple wanted to know:

Let's break this all down.

At first glance, the email looked like it came straight from Sam's Club, complete with the logo, blue color scheme and a tempting promise of a $100 reward for filling out a short survey. That's exactly what scammers want you to think.

This is a classic phishing scam. Cybercriminals copy a trusted brand's style to trick you into clicking their links or entering personal information. Once you engage, they can:

In this case, only an email address was entered. That means there's no direct credit card risk, yet. However, scammers now know the address is active and that someone at it will click through, making it more valuable for targeted scams later. The next step is protecting yourself quickly, because stopping them now is far easier than dealing with identity theft later.

If you entered your email in a scam form, take these steps right away to reduce the risk of further attacks:

Run a scan with a trusted antivirus program. Many modern security tools also include phishing protection, blocking dangerous links before they can load. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Use your email provider's spam or phishing report tool to flag the message. This helps block future attempts and trains filters to catch similar scams. 

Data removal services can contact data brokers to remove your personal information from their lists. This makes it harder for scammers to target you with more personalized attacks. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice.  They aren’t cheap — and neither is your privacy.  These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites.  It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet.  By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Scammers often follow up with urgent-sounding emails to "confirm" your account or claim you won a prize. Delete these immediately without clicking links or opening attachments. 

Never reuse the same password across multiple accounts. If scammers target your email address, they may try it with common password guesses. Create unique, strong passwords for each account and store them in a reputable password manager.

Scammers can still benefit from your personal information even if you choose not to provide payment information.  Phishing attempts that aim to install malware, steal passwords, or obtain other private information can be launched using an email account.  Scammers are skilled at making an email appear authentic, particularly when they include a gift card as bait.  You may lower your risk by being vigilant, reporting shady communications, and safeguarding your personal information.