6 common Geek Squad scams and how to defend against them

The article discusses the rising threat of scams impersonating Geek Squad, the tech support division of Best Buy, which has become a prevalent target for cybercriminals over the years. With three decades of established trust, Geek Squad has unfortunately been leveraged by scammers to exploit consumers, leading to it being the most impersonated brand in the United States as indicated by complaints to the Federal Trade Commission in 2023.

Scammers utilize various familiar tactics, all rooted in social engineering principles. They create urgency or fear to compel victims into uninformed responses. Commonly seen scams can be categorized as phishing (email scams) or vishing (voice phishing). Key fraudulent strategies include auto-renewal scams, invoice fraud, fake antivirus notifications, bogus password alerts, and fraudulent tech support calls. These scams often urge victims to either click on malicious links or provide sensitive information under false pretenses.

The auto-renewal scam typically involves victims receiving emails announcing a non-existent subscription that is supposedly about to renew, redirecting them to a counterfeit site requesting personal data. Similarly, invoice fraud involves emails that appear to bill for services that were never rendered, sometimes using real account details obtained through hacking, thereby adding an illusion of legitimacy.

In the case of fake antivirus notifications, victims are misled into believing a software subscription is due for renewal, prompting them to divulge personal and financial information when they click through. Bogus password alerts might claim unauthorized access attempts to a victim’s account, leading them to phishing sites designed to collect sensitive data. Other scams might offer fake protections against online threats, attempting to lure users into downloading malware disguised as legitimate anti-virus software.

Tech support scams remain one of the oldest tactics, where victims receive unsolicited calls from so-called tech experts claiming their devices are infected. Posing as Geek Squad representatives, these scammers frequently request remote access to instal malware or to trick individuals into purchasing non-existent antivirus software. Some scammers employ search engine optimization strategies to ensure their fraudulent sites appear at the top of search results, further entrapment potential victims.

To protect oneself from these scams, consumers are advised to scrutinize sender email addresses, particularly those that create a false sense of urgency regarding financial matters. Unsolicited communications asking for personal information, particularly through email or calls, should raise immediate suspicion. Best practices include verifying the legitimacy of any unsolicited correspondence with Geek Squad directly and avoiding clicking on any suspicious links or attachments.

In the unfortunate event of falling victim to a scam, actions that should be taken include freezing credit/debit cards, reporting fraudulent charges, changing account passwords, and enabling multi-factor authentication. Victims should also promptly update their security software and report incidents to the FTC or appropriate authorities. As scammers constantly evolve their tactics, remaining vigilant online is critical for consumer protection against these increasingly sophisticated schemes.