3 Geek Squad scams and how to recognize them

Best Buy's tech support brand, Geek Squad, was the most impersonated company by scammers in 2023 according to data from the FTC, with around 52,000 scam reports from consumers. Attackers exploit Geek Squad’s trusted name and pressure victims to act quickly, hoping to get access to sensitive information or direct payments made under false pretenses.

To avoid becoming a victim of the Geek Squad scam, learn more about how the fraud works, different ruses you may encounter, and ways to protect yourself.

What is the Geek Squad scam?

The Geek Squad scam involves fraudsters impersonating real Geek Squad representatives, often in fake emails, to steal personal information or trick people into making payments.

Geek Squad itself is not a scam; it’s a legitimate in-house tech support team owned by Best Buy that helps with tech setups, maintenance, and repairs. Scammers take advantage of the company’s good reputation by sending phishing emails masquerading as communications from Geek Squad.

3 types of Geek Squad scam emails

Cybercriminals use multiple types of Geek Squad phishing emails to trick unsuspecting people into providing personal information or payment details. The most common pretenses include fake invoices for a Geek Squad membership subscription or services rendered, fictitious virus alerts, and false password resets.

However, Geek Squad scams can easily be leveraged as part of other fraud schemes, such as requests for PayPal transfers, fraudulent wire transfers, or gift card scams. So, while the following are ruses to look out for, they’re not an exhaustive summary of every threat.

Here are some common Geek Squad scams to watch out for:

1. Geek Squad invoice or subscription scam

The most well-known Geek Squad scam looks like an auto-renewal invoice, warning you about an upcoming charge for your membership subscription. The email states that if you want to cancel the subscription and avoid the upcoming charge, you need to call a number or click a link that leads to a fake website.

You’ll then be asked to provide personal details like your home address, credit card number, or Social Security number for “verification” purposes. Scammers can then use your address and other private information to make purchases on your card or even steal your identity.

Another invoice scam involves the attacker sending you a bill for labor or parts for a repair that never happened.

2. Geek Squad antivirus software scam

Some Geek Squad phishing emails use scare tactics, like telling you your device is infected with malware. They urge you to download antivirus software through a link provided in the email to protect your personal information.

But if you download the fake antivirus software, cybercriminals may get remote access to your device allowing them to see all of your data, track your activity, and potentially manipulate files, system settings, or financial transactions without your knowledge. If they come across valuable information, they may sell it on the dark web or use it for identity fraud.

3. Geek Squad password reset scam

The Geek Squad password or account reset scam is a phishing email attack where cybercriminals send emails claiming there’s been suspicious activity on your Best Buy account. The email urges you to reset your password using a link the attacker provides, which instead directs you to a spoofed website designed to look like the official Best Buy login page.

This site is a trap that steals any information you enter, including your email address, password, username, and anything else you type. They can use this information to access and take over your real account, break into other accounts that use the same credentials, and potentially make unauthorized purchases in your name.

The scammer hopes that as long as the website passes the “vibe check,” you’re more likely to trust it and hand over your personal information. A recent Gen Threat Report names this practice “VibeScamming”.

How do Geek Squad scams work?

Geek Squad scams generally follow the same formula. First, the scammer gets your email address and makes contact. If you take the bait, they can achieve their goal of stealing money, access, or information.

Here’s a closer look at core steps in a typical Geek Squad email scam:

1. The scammer gets your email address: Attackers may get your contact information through a data breach or phishing attack, off the dark web or a data broker website, or by scraping public platforms like blogs and social media.
2. The scammer sends a phishing email: The scammer sends an email that looks like it’s from Geek Squad. To sell the ruse, they may even include a legitimate logo and a realistic (but unofficial) email address. Riding the brand’s name to gain trust and using an urgent excuse, they increase the chances you’ll take action without looking too closely.
3. You take the bait: Once you engage, scammers try to get what they came for: remote access to your device, account login credentials, your credit card or bank details, or sensitive personal information they can use to commit identity theft.

How to spot a Geek Squad scam email

To determine if a Geek Squad email is a scam or the real thing, you need to know how to spot telltale warning signs like urgent language, unofficial email addresses, and generic greetings.

 Look out for the following signs that a scammer is targeting you:

• Sense of urgency: Scammers often use scare tactics to try and trick you into responding quickly without thinking about whether you’re getting scammed.
• Odd email address: Email addresses from scammers may look similar to the official Geek Squad email, but they won't match exactly. Legitimate Geek Squad emails generally end in “@bestbuy.com,” though email addresses can be spoofed.
• Addressing you generically: Criminals often send out large batches of scam emails and use generic introductions like "Dear Sir/Madam/Customer." Emails that don't address you by name should raise red flags.
• Poor grammar or spelling: Emails from legitimate organizations like Best Buy or Geek Squad typically won’t contain poor grammar or spelling mistakes.
• Notifications on accounts you don't have: Criminals running a Geek Squad scam will still target you even if you don't have a Geek Squad subscription. The idea is to get you to “cancel” your non-existent membership and provide your personal information. They’ll make it a costly fee to encourage you to act quickly so you don’t get “charged.”
• Suspicious links: Hover over links before clicking. Scammers often disguise malicious URLs that lead to fake login pages or malware downloads as password reset or subscription management links.
• Unexpected charges or follow-ups: You may receive invoices for services you never used or emails following up on “requests” you never made, all meant to push you into engaging and confirming personal details.

How to protect yourself from Geek Squad scam emails

Protecting yourself from Geek Squad scams is relatively straightforward; you can boost your defenses by taking preventive measures to keep threats at bay when browsing, strengthening your account security, reporting but not engaging with threats, and setting up proactive threat monitoring.

Learn some trusted ways to defend against online scams, and why they work:

• Use a secure browser: Opt for a privacy-focused web browser that can help block malicious websites, trackers, ads, and downloads to minimize the risk of running into a scam online.
• Report suspicious emails as spam: Flag scam emails as spam or phishing to help your email provider filter similar messages in the future, protecting yourself and other users from attacks.
• Don’t click on links: Avoid clicking links in suspicious emails. Otherwise, you could trigger a malware download or get redirected to a phishing website.
• Set up dark web monitoring: Services that monitor the dark web notify you if your email or personal information has been exposed, so you know to watch for scams and suspicious activity.
• Use purpose-based email accounts: Consider keeping separate email accounts with unique login credentials for shopping, social media, work, and personal communication. This limits the fallout if one account is compromised.
• Maximize security settings: Enable two-factor authentication (2FA) and review privacy settings on your accounts to make it harder for scammers to gain access, even if they get your login details.

What to do if you fall for a Geek Squad scam

If you unknowingly give a Geek Squad scammer your personal information directly or click a sketchy link, follow these steps to help prevent identity theft and financial losses:

• Protect your credit: Set up a fraud alert or freeze your credit with the credit bureaus. This helps stop criminals from opening up new lines of credit in your name.
• File a report: Report the scam to the Geek Squad support team via an official channel, your email provider, the Federal Trade Commission (FTC), and the Internet Crime Complaint Center (IC3). If you sustained financial losses, you may also need to contact the local police and let your bank or credit card issuer know.
• Update your login credentials: Change the passwords for any accounts that may have been affected, especially if you used the same password elsewhere.
• Watch your financial accounts: Regularly check your accounts for unusual activity, like unexpected transactions or logins. If you see anything strange, contact your bank or card issuer immediately.
• Run a malware scanner: Scan your devices with trusted antivirus or anti-malware software to find, quarantine, and remove any malicious programs.
• Invest in identity theft protection tools: Identity theft protection tools, such as LifeLock, can help protect against identity theft by alerting you to sensitive data exposure and assisting you through the recovery process if fraud occurs.

Help safeguard your information from scammers

Geek Squad scams impact thousands of people every year. Even if you play it safe, it could impact you too. Protect yourself with LifeLock, which can help alert you to data breaches, sensitive data leaks, and dark web exposure so you know if your personal information is at risk.

Plus, if a Geek Squad scam turns into identity theft, you’ll have peace of mind knowing that LifeLock’s dedicated U.S.-based restoration specialists are standing by to help you recover both your identity and stolen funds or identity theft-related expenses.

FAQs

What is Geek Squad?

Geek Squad is a subsidiary of Best Buy and provides 24/7 technical support for its members over the phone or online chat. You can also take your product to a Best Buy store and speak to a Geek Squad agent in person.

How do I report a fake Geek Squad email?

If you believe you received a scam Geek Squad email, report it to Geek Squad, the FTC, and the IC3. You can also mark it as spam to help your email provider catch future scam emails.

How to verify if a Geek Squad email is legitimate?

If you’ve already checked for common signs of a Geek Squad scam email and still can’t tell if it’s legitimate, it’s best to contact Best Buy support directly. From their support site, you can contact Geek Squad via a contact form or by phone at (888) 237-8289.