Threat actors impersonate Geek Squad to harvest credentials

Subscription renewal emails might get your heart pounding. Especially when it comes from a service provider you never even subscribed to.

While going through my mailbox, I noticed an email confirming my subscription renewal for Geek Squad, a Best Buy subsidiary specializing in the maintenance and repair of consumer electronics.

Most of the time, similar emails land in a spam folder, but this message was simply waiting for me next to my regular correspondence, so it caught my attention.

“This is a confirmation email. Your annual Geek Squad 360 subscription has been auto-renewed successfully. Amount will be deducted from the saved card under your account,” the message reads.

It further claims that my card was charged $348.59. As is typical with similar scam emails, it provides a number for any queries. Criminals probably hope a victim would panic and call the given number to cancel the subscription.

The email is simple and doesn’t contain any links (and that’s why it’s probably not flagged as spam or a phishing email). The second red flag here (the first one is the fact that I don’t have a Geek Squad account) is the sender’s email address: [email protected]. It looks unprofessional, right?

You might wonder, why would a threat actor send you a phishing email with no malicious links for you to click on? Well, anti-phishing technology has become more effective at warding off even the most sophisticated attacks, and criminals have switched to low-tech phone scams.

These phishing emails threaten financial loss - if you don’t call and cancel the subscription, your credit card will be charged. Creating a sense of urgency, threat actors are hoping you’d call to cancel your subscription. During a phone call, scammers will try to extract as much personal information as possible, allegedly needed to confirm your identity and cancel the subscription. They might ask for a Social Security number, date of birth, and banking information.

Never call a given number and, if in doubt, go to the original website, find their support contacts and reach out to them. Note that it’s not only Geek Squad that threat actors impersonate. They target the biggest brands, such as PayPal, DHL, Amazon, and Microsoft. Fraudsters are typically more active around Thanksgiving or Christmas when people do indeed shop a lot and might be waiting for a delivery or a confirmation email.