Fake Walmart / Costco / Target survey gift-card phishing — impersonates major retail brands, claims recipient was selected for a customer survey and will receive a $500–$1,000 gift card upon completion; drives to subscription traps or credential-harvest pages; FTC 2024: retailer brand impersonation top-5 phishing lure; Walmart is #2 most impersonated retail brand

Phishing emails impersonating major retail brands (Walmart, Costco, Target, Sam's Club, Kroger) with a fabricated offer: the recipient was "exclusively selected" to complete a short customer survey and will receive a $500–$1,000 gift card as a thank-you upon completion. Clicking the link leads either to a credential-harvest page styled as the retailer's login, a subscription trap that collects payment card details for a "small shipping fee" on the gift card, or a malware-serving page. Key facts: (1) FTC 2024: retailer brand impersonation is a top-5 phishing lure, with Walmart second only to Amazon among retail brands and Costco ranking in the top-10; millions of these emails are sent weekly according to Proofpoint Q3 2024 threat intelligence reports; (2) The $500–$1,000 gift-card reward is calibrated to be large enough to motivate action but small enough to seem plausible — legitimate retail surveys offer $5–$25 in rewards, never $500+; (3) Legitimate retailer survey invitations arrive from verified company domains with a List-Unsubscribe header, link directly to the retailer's own survey platform (e.g., walmart.com/feedback), and never require payment card details to "ship" a reward; (4) The subscription trap variant — where victims enter card details for a "$1.99 shipping fee" on the gift card — results in unauthorized charges of $89–$149/month that are extremely difficult to cancel. Warning signs: unsolicited from a non-retailer domain, gift-card reward implausibly large ($500+), urgency about "24 hours only," link to unfamiliar domain, card details required for "shipping."