Best Buy & Geek Squad Phishing Email Attacks

What is happening?
We emailed you back in September about phishing emails that purport to come from Best Buy and Geek Squad. Many of you have reported them as phish to Google and we want to thank you for being proactive. Marking these emails as phish not only strengthens the Google filters but also sends us a notification so we can investigate further. Learn how to report an email as a phishing in Google.

Unfortunately, there has been an increase in this type of phishing to our fitnyc.edu domain. So we ask you to be even more vigilant. Because these emails often bypass the automated spam filters using “uniqueness”:

• Sending from random, unique “gmail.com” accounts

• Changing subject lines frequently

• Creating unique names for the fake invoices that are attached as JPG files

The most recent subject lines we have seen include: 

• You can now check your refund status 

• ORDER NEEDS CONFIRMED. 

• Please confirm your order!

• WARNING! YOUR PAYMENT INFORMATION IS MISSING

What can you do to protect yourself?
You, our employees, are our best defense against malicious emails that are able to bypass the automated filters. 

• Do not trust unsolicited calls, text messages, or instant messages.

• Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.

• Make sure you have a trusted, up-to-date, and active antivirus software installed on your home computer.

• If you are a Best Buy customer, review and become familiar with Best Buy’s Privacy Policy which acknowledges these known scams.