The Geek Squad scam was last seen in 2021. But one member of the EMCRC team was targeted with this financially-motivated phishing scam just last week.
Cybercriminals often use the service subscription theme to bait users. These swindles are particularly effective when they mention certain amounts of money being withdrawn from a person’s credit or debit card.
This is the case with the latest spin-off of the Geek Squad email scam. Although most recipients have no relationship with the company impersonated in these messages, there is a good chance that they will click the embedded link or call the phone number, only to fall victim to credential theft or financial fraud.
Our Digital Media and Communications Officer Phil Viles spotted this scam recently. Phil says:
“It catches your eye and very nearly catches you out! The scam claims to have auto-renewed your service and charged a whopping $399.99 for the privilege. Obviously this is a lot of money, so alarm bells start to ring.
But look at the email a little closely and you’ll notice just how unprofessional it looks – a tell-tale sign that it’s a scam.
I searched online for such scams – always good practice if you’re unsure – and discovered it’s a known scam. Even before I had finished typing ‘Geek Squad’ into the search bar, Google predicted ‘Geek Squad Scam’ as a recognised search”
This is the email Phil received...
As Phil says, the scenario is that a message lands in your email inbox informing you about an automatic renewal of a Geek Squad subscription. For the uninitiated, Geek Squad is a Best Buy subsidiary specialising in maintenance and repair of consumer electronics.
Whether you actually have an account with this service or not, a notification like that is likely to evoke natural curiosity. The indication of the sum that has been supposedly debited from the account will heat up the interest further.
While prudent recipients will ignore this message, quite a few will get hooked despite all the giveaways. For instance, the email address of the sender was named simply 'Payment Details'. This is one of the main clues suggesting that the whole story is untrustworthy. It has nothing to do with Geek Squad or its parent company, and on closer inspection, behind ‘Payment Details’, was an email address assigned to a ’firstname.lastname@example.org’. Even ‘smith’ was spelt incorrectly!
As stated, other signs that this is a scam is the general look and feel of the email. Basically, it looks horrendous and nowhere near professional enough to be from a trusted company.
The NSCS have more advice on how to spot a phishing scam on their website and we offer Security Awareness Training which is aimed at staff - because employees can be the barrier to phishing attacks if they know what to look out for.
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to email@example.com. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).