Best Buy’s Geek Squad Scam is Touring Inboxes

Phishing scams are a topic we frequently discuss on this blog. In their simplest form, they are emails or messages sent that are designed to steal from you or gain access to computers or networks. One such scam uses the moniker of the popular IT support company Geek Squad, a subsidiary of Best Buy, to steal from its victims. Here’s how you can avoid falling for these tricks.

The Scam Overview

The scam starts with an email from the supposed Geek Squad informing them that their membership has been renewed. Most people who receive this email are not members, so they will naturally call the toll-free number listed on the email to find out why they have been renewed for a service they do not subscribe to. The person on the other end of the phone call agrees to refund the money, but needs access to your online banking account to do so. They then ask for remote access to your computer to show the user how it can be done.

Unfortunately, the “technician” claims that an error has occurred and informs the user that they have accidentally sent too much money to the user’s account. They then use intimidation and accusations to get the user to withdraw money from the account and send it to an address to settle their debts. Users are then further extorted when the technicians inform them that the package was never received. Hundreds of people forked over hundreds of thousands of dollars in the first half of this year as a result of this scheme.

You might think you wouldn’t fall for such a trick, but the fact of the matter is that these victims didn’t think they would, either. These scams never stop, and there is always a new one to take the place of the old. There are some commonalities amongst them, though. These scams:

• Use the name of a popular and well-established organization
• Send emails with attachments or links that, if you look past the frenetic content of the message, seem completely suspect. 
• Use urgency to stress the user out and make mistakes they normally wouldn’t.

Questions About Phishing You Need to Consider

If you ever suspect that you have received a phishing message, then consider asking the following questions:

• Who Sent It? – Are there irregularities in the address it came from, are names or suffixes misspelled, or does it come from someone who has never corresponded with you before?
• What Does the Message Contain? - Are there any links shared in it, does a strange URL appear when you hover your cursor over them, are there any attachments?
• What Does the Message Actually Say? – Are there spelling and grammar issues in a professional email, is there an excessive sense of urgency or time sensitivity communicated, or is there a request to do something like share data or forward access credentials?

If you can’t stop phishing attacks, the least you can do is be prepared to thwart them. BlackCSI can help in this effort. To learn more about how we can protect your business, reach out to us at (717) 620-3042.