by Jon Lober | NOC Technology
We continue our series on phishing scams that are currently making the rounds. This week, we will take a look at another phishing email received by one of our staff members in their personal accounts. A quick internet search reveals that this Geek Squad email invoice scam has been making the rounds for at least a year—and probably much longer.
So, what did the scam look like, how did our staff member catch it, what should you do if you receive it, and what should you do if you fell for it?
Read on.
If you need a refresher on what phishing is and why it matters, you can read our introductory article on phishing before you continue.
In general, this is a very simple “wide-net” phishing scam. It uses basic phishing methods in order to allow for the widest possible set of potential targets. By doing so, the scammer hoped to ensnare a few victims by a shotgun approach instead of a precision attack.
Here are the specifics.
In June 2023, our staff member received an email in his personal Gmail inbox titled “Regarding the specifics of your membership” from “Erwliu Verwano.” An invoice with the file name “Membership Purchased #450968409457.jpg” was attached to the email and prominently featured the Geek Squad logo.
The invoice stated that a Geek Squad subscription for protection of a personal Windows computer had been auto-renewed for a total of $419. The invoice notified the staff member that the auto-renew would be charged to his account unless he called the number listed in the invoice within the next 24 hours.
If our staff member had called, the scammer would likely have picked up the phone and done one of the following:
The scammer would have then used any information or access provided to install malware or illicitly access the victim’s accounts. The scammer could then make fraudulent purchases, steal directly from the victim’s bank accounts, or infiltrate the victim’s network to identify and attack additional victims.
This is a pretty sloppy scam, yet a few of the methods that the phisher used could be enough to trick some users.
Although the phisher has put some effort into their attempt, this particular email is riddled with errors that should raise red flags for potential victims right out of the gate. Anyone with even rudimentary awareness should be suspicious from the very beginning.
Combined, these red flags are enough evidence for a recipient to firmly conclude that this email is not legitimate. Our staff member quickly recognized the signs of a phishing email, and the phisher ended up with an empty net.
However, many people still fall for such attacks. People at higher risk of falling for this attack include people with:
Attempts are currently common and often painfully effective. In October 2022, the FTC (Federal Trade Commission) issued an alert to consumers about Geek Squad-related phishing. The FTC asks users to report any fraud and their website makes it simple to do so. Best Buy also requests that you report such emails to them for investigation by calling them at 1-888-237-8289.
Finally, once you have reported the scam, report the email as phishing to your email service provider.
To summarize, if you encounter such communication:
If you paid a scammer through Western Union, MoneyGram, or a debit, credit, or gift card, you should immediately contact the financial institution that facilitated the payment and let them know that it was a fraudulent charge and ask them to reverse the payment or refund your money. If you sent cash through the USPS, you can attempt to intercept your package before the scammer receives it. If they receive the cash, or if you paid in cryptocurrency, you will probably not be able to recover your money.
If a scammer has access to your personal information such as your social security number or financial information, visit identitytheft.gov to report the theft and put together a plan to recover your identity.
If you gave a scammer your username and password, or suspect that they have remote access to your phone or computer, you should run antimalware software on your computer immediately and seek professional help from a cybersecurity expert.
The FTC maintains a helpful page of advice and resources for anyone that has fallen prey to a phishing scam and provides specific instructions for what to do in your particular dilemma. In many cases, you will have a better outcome if you can respond as quickly as possible to the issue. Act quickly and seek professional assistance if you feel that the issue is beyond your ability to address.