Share
BRAND IMPERSONATION

Walmart scam call and gift card text: how to spot both in 2026

A robocall from the "Walmart fraud prevention department" about a suspicious PlayStation order, and a text saying you won a Walmart gift card, are the same scam wearing two masks. The robocall wave alone reaches hundreds of thousands of people a week. Here is how to know it is fake in seconds, without calling anyone back or tapping a single link.

SafeBrowz Threat Research Security ResearchJuly 2, 20269 min read

Verdict: both are scams - Walmart does not cold-call about fraud or text you gift-card wins

A call from a "Walmart fraud prevention department" that asks you to verify a card, PIN, or one-time code is a scam, and a text saying you won a Walmart gift card you never entered to win is a scam. Walmart does not make unsolicited calls asking you to confirm payment details or read back a security code, and it never notifies prize winners by random text. Do not press 1, do not call the number back, and do not tap the link. If you want to check whether an order is real, only look inside the official Walmart app or by typing walmart.com yourself. Real card fraud is handled by your own bank, using the number on the back of your card.

The Brief

Two Walmart impersonation waves are running at once in 2026, and they feed each other. One is a phone campaign: an automated "Walmart" call warns you about a big order or a suspicious charge, then routes you to a live "agent" who wants your card number, Social Security number, or the one-time code your bank just texted you. The other is a phishing campaign over text and email: "You have been selected for a free Walmart gift card" or "Claim your 4th of July reward," with a link to a fake Walmart page that harvests your card and personal details. The connecting rule is simple. Walmart does not cold-call you to make you prove who you are, and you cannot win a prize you never entered. Judge an order the way you would beat a fake Amazon recall refund text, by checking inside the real app, never on the message.

The "Walmart fraud prevention department" robocall

The call usually opens with an artificial voice. Reporting cited by the Federal Communications Commission described voices named "Emma" or "Carl" saying a preauthorized purchase of a PlayStation 5 special edition with a Pulse 3D headset, for $919.45, was about to be charged to your Walmart account, and inviting you to "press 1" to cancel it. In a newer April 2026 twist, the caller claims to be from Walmart's fraud prevention department and asks about a suspicious charge on your account.

Press 1, or call the number back, and a live person takes over. They sound calm and helpful. They already "see the order," they just need you to confirm your identity so they can cancel it. That is where it turns: they ask for your full card number, the security code on the back, your billing address, sometimes your Social Security number, and increasingly the one-time passcode your bank sends to your phone. Read any of that back and the money is gone, because you have handed over everything needed to drain the card or take over the account.

The scale is not small. A robocall-tracking service estimated the campaign generated nearly 8 million calls across the US between January 21 and April 11, 2025, and on December 2, 2025 the FCC Enforcement Bureau ordered a voice provider, SK Teleco, to stop carrying the traffic or risk being cut off from US phone networks. New numbers keep spinning up, which is why the calls did not vanish after the order.

Here is the part scammers rely on you forgetting: caller ID can be spoofed, so "Walmart" or a real-looking number on your screen proves nothing. A phone robocall is voice, not a web link, so no browser tool can silence the call itself. The defense is a habit. Real fraud teams do not need you to read back a card number or a code. If a caller does, it is a scam, every time.

The "you won a Walmart gift card" text and email

The second wave lands in your messages. "Congratulations, you have been selected to receive a $250 Walmart gift card." "Your Walmart loyalty reward is ready." "4th of July special: claim your Walmart bonus before midnight." There is a countdown, a bit of flattery, and a link. Tap it and you reach a page dressed in Walmart's blue and yellow that asks you to "verify" your details, pay a small "shipping fee" with your card, or enter your login to "claim" the reward. Some versions run a fake survey first to make it feel earned.

None of it is real. Walmart does not notify contest winners by random text, and you cannot win a giveaway you never entered. The FTC's guidance is blunt: legitimate companies will not text you out of the blue telling you to click a link or pay a fee to collect a prize. The links do not lead to walmart.com. They lead to lookalikes such as walmart-rewards[.]top, walmart-gift-claim[.]shop, or walmartcard-verify[.]online (illustrative examples, not real Walmart domains). The word "walmart" is there, glued to "rewards," "gift," or "verify," or parked on a cheap ending like .top or .shop that a real retailer would never use for its store.

The real Walmart store lives on walmart.com. Anything else wearing the logo is impersonation, no matter how polished the page looks.

๐Ÿ›ก LIVE CHECK

Test that "gift card" or "verify" link before you tap

Got a text or email with a Walmart reward or verification link and not sure about it? Paste the link below before you tap it. Our 3-layer engine (Local + APIs + AI) returns a verdict in about 3 seconds. Free, no signup.

Full scan with deep AI analysis โ†’ ยท No URL is logged to your identity.

The 30-second check: verify only inside the real Walmart app or site

This is the whole answer, and it works whether the message is a perfect fake or the rare genuine notice, because it never trusts the call or the text.

  1. Hang up, or do not tap. Do not press 1, do not call the number back, do not open the link. Nothing real is lost by pausing.
  2. Open the official Walmart app, or type walmart.com yourself. Use the address bar or a bookmark you made. Do not search and click an ad, and do not use any link from the message.
  3. Sign in and check your orders and account. If there were a real $919 order or a real account problem, it would show up here, in your actual account, not only in a call or a text.
  4. If your orders look normal, the message was fake. There is no PlayStation charge and no gift card. Delete the text, hang up the call.
  5. For any card worry, call your bank directly. Use the number printed on the back of your card, never a number a caller gives you. Your bank, not "Walmart," handles card fraud.

That is the same rule that beats the whole category, from a fake Social Security "suspended number" robocall to a Zelle fraud-alert text: judge it on the real, official channel you open yourself, never on the message that reached out to you.

Red flags that mark it as a scam

  • An inbound call asks you to verify a card, PIN, or one-time code. Real fraud teams never need you to read those back. This alone marks the call as a scam.
  • "Press 1 to cancel" an order you never placed. The oddly specific PlayStation charge exists to spike your panic and get you on the line with a live "agent."
  • You "won" a gift card you never entered to win. Walmart does not pick prize winners by random text. No entry, no prize.
  • A link that is not walmart.com. Anything like walmart-rewards, walmart-gift-claim, or a store parked on .top, .shop, .online, or .vip is fake, even if the page looks perfect.
  • A small "fee" to release a free prize. A real reward never asks for your card to cover shipping or taxes up front. That field exists to steal the card.
  • Pressure and a countdown. "Claim before midnight," "your account closes in 24 hours." Urgency is there to stop you checking on the real site.
  • Caller ID or sender that looks like Walmart. Both are trivially spoofed. A trusted-looking name or number is not proof of anything.

What to do if you already gave details or tapped the link

Move fast. Speed is what limits the damage.

  1. Call your bank or card issuer now. Use the number on the back of your card. Report the card as compromised, request a replacement, and watch for charges you did not make.
  2. If you read back a one-time code, change that account's password. A code you shared may have let someone into your bank or Walmart login. Reset it by going to the site directly.
  3. Turn on two-step verification on your Walmart account and your email, so a stolen password alone is not enough.
  4. Check for changes you did not make. New shipping addresses, added payment methods, or recent orders on your Walmart account. Remove anything you did not add and cancel fraudulent orders.
  5. If you entered a Social Security number, treat it as identity-theft exposure. Consider a fraud alert or credit freeze, and monitor for new accounts opened in your name.
  6. Reset that password anywhere you reused it. Give every account its own unique password.

How to report the Walmart scam

  • Report it to Walmart. Walmart runs a fraud-alerts page and takes reports of messages and calls that impersonate the brand, at corporate.walmart.com/privacy-security/fraud-alerts.
  • Forward scam texts to 7726 (SPAM). This free shortcode reports the message to your mobile carrier so it can block the sender.
  • Report the scam to the FTC at reportfraud.ftc.gov. This feeds the consumer-protection data behind warnings like this one.
  • In the US, report to the FBI Internet Crime Complaint Center at ic3.gov if you lost money or had an account taken over.
  • Delete the message or hang up after reporting. Do not tap anything on the way out.

How SafeBrowz blocks this threat

SafeBrowz runs a 3-layer detection architecture: Local + APIs + AI.

  • Layer 1 - Local detection: 60+ URL pattern signatures plus a 550+ brand database (Walmart included) plus Cyrillic and Punycode homograph checks, all running inside the extension before the page renders. It catches lookalike reward and verification domains such as walmart-rewards or walmart-gift-claim where a non-Walmart domain serves a Walmart-styled page.
  • Layer 2 - API checks: aggregates Google Safe Browsing, PhishTank, URLhaus and ScamAdviser feeds plus 30+ scam TLD lists to flag domains already known to be malicious, which covers many gift-card and "claim your reward" phishing domains as they get reported.
  • Layer 3 - AI deep scan (Premium): 100+ language content analysis catches brand-new lookalike pages in seconds, including a fake Walmart gift-card claim page that copies the real styling but sits on the wrong domain.

Honest scope: SafeBrowz blocks the phishing link and fake Walmart page before it loads, so the reward text and the "verify your details" step cannot reach you. It cannot silence a phone robocall itself, because that is voice, not a URL. Pair the extension with one habit: never give a card number or a one-time code to an inbound caller, and check any order only inside the official Walmart app.

Detection signatures come from threat-intelligence research and our internal brand database, not from user browsing data. SafeBrowz does not store per-user browsing history.

Where browser-layer defense fits

The phone call and the text are two ends of one machine. The call scares you into action, and a link is where many victims are pushed to "confirm" details on a fake page. Browser-layer scanning catches that step. When a Walmart-styled reward or verification page renders on a domain that is not walmart.com, a brand-aware scanner flags the impersonation before the form loads. SafeBrowz is a free extension for Chrome, Firefox and Edge, plus a live Android app (Safari coming soon), that checks every URL before it renders against a 550+ brand database. Install SafeBrowz and pair it with the one rule that beats this whole category: reach Walmart only by opening the app or typing walmart.com yourself, and never read a card number or code to a caller. If you are still unsure about a page, our guide on how to tell if a website is a scam walks through the deeper checks, and our guide to phone and voice scams covers the callback trap in detail.

Install SafeBrowz free

Add the browser extension, or the SafeBrowz Android app, that runs every link check in this article automatically, on every page, before it renders. Free forever, with optional Premium AI deep scan at $14.99 per year.

Chrome Add to Chrome Firefox Add to Firefox Edge Add to Edge Google Play Get it on Google Play

See pricing and Premium features

Frequently asked questions

Does Walmart call you about fraud or a suspicious order?

Walmart does not make unsolicited calls asking you to verify a card number, PIN, or one-time code to "cancel" an order. An automated call about a $919 PlayStation charge, or a live "fraud prevention department" agent asking you to confirm payment details, is a scam. Hang up, and check your orders only inside the official Walmart app or by typing walmart.com yourself. For any real card worry, call your bank using the number on the back of your card.

I got a text saying I won a Walmart gift card. Is it real?

No. Walmart does not notify prize winners by random text, and you cannot win a giveaway you never entered. A "you have been selected for a $250 Walmart gift card" or "4th of July reward" text with a link is a phishing scam. The link goes to a lookalike page, not walmart.com, and it is built to steal your card details or login. Do not tap it. Forward the text to 7726 to report it to your carrier, then delete it.

The caller ID showed Walmart. Doesn't that prove it is real?

No. Caller ID is easily spoofed, so a screen that reads "Walmart" or shows a familiar-looking number proves nothing. Scammers routinely fake trusted names and numbers. Judge the call by what it asks for, not by what your screen says. If an inbound caller wants a card number, security code, or the one-time passcode from your bank, it is a scam regardless of the caller ID.

How do I check if a Walmart order or charge is really mine?

Open the official Walmart app, or type walmart.com into your browser yourself, and sign in. Look at your order history and account. A genuine order or account issue appears there, on the real site, not only in a phone call or a text. If your orders look normal, there is no PlayStation charge and no problem, and the message was fake. Never confirm an order by pressing a number on a call or tapping a link in a text.

I gave the caller my card number or a one-time code. What now?

Call your bank or card issuer immediately using the number on the back of your card. Report the card as compromised and request a replacement. If you read back a one-time code, change the password on that account right away and turn on two-step verification. Check your Walmart account for changed addresses, added payment methods, or orders you did not place. If you gave a Social Security number, consider a fraud alert or credit freeze.

How do I report a Walmart impersonation scam?

Report calls and messages that impersonate Walmart at Walmart's fraud-alerts page, corporate.walmart.com/privacy-security/fraud-alerts. Forward scam texts to 7726 (SPAM) so your carrier can block the sender. Report the scam to the FTC at reportfraud.ftc.gov, and in the US file a report with the FBI at ic3.gov if you lost money or had an account taken over. Then delete the message or hang up without tapping anything.

Related SafeBrowz coverage

Bottom line: the "Walmart fraud prevention department" call and the "you won a Walmart gift card" text are the same impersonation scam in two forms, and both are hitting people at scale in 2026. Walmart does not cold-call to make you verify a card or a code, and you cannot win a prize you never entered. Hang up, do not tap, and check any order only inside the official Walmart app or by typing walmart.com yourself. Put SafeBrowz on your browser so the fake reward and verification pages never load, and pair it with the habit of never reading a card number or one-time code to an inbound caller.