An email scam has been proliferating since at least last April, in which victims receive an invoice claiming to be from BestBuy’s Geek Squad or TotalTech. The fake invoice claims the victim is being billed for a subscription service.
The alleged pricing is just enough to get victims to react; the latest invoice claims Geek Squad is charging $359.99 for a two-year “security services” plan.
Recipients of the scam email are told, in the invoice itself (odd grammar preserved):
“If you didn’t authorize this charge, you have 24hrs. to cancel & get an instant refund of your subscription, to cancel the subscription , reach us at : +1 813 776 1450.”
Here’s what you need to know to avoid getting scammed.
In the variations of this scam that we’ve observed, the scammers leverage legitimate invoicing services to send fake invoices. Their use of a legitimate service helps their emails get past spam filters.
Earlier variants of the scam used Intuit’s QuickBooks; we went into detail about this in Fake “Geek Squad” emails: Call center scam leverages Intuit QuickBooks servers.
Later variations of the scam sent invoices via PayPal. In some cases, they told users they had subscribed to Norton or McAfee software, or were being billed by “Bitcoin Exchange.”
A new version of this scam has surfaced, and it uses a more obscure company called Housecall Pro. This company apparently offers scheduling, dispatching, and invoicing services for small businesses. They typically work with companies that do home repairs, landscaping, and cleaning.
Like any online accounting service, Housecall Pro lets people issue invoices. Since they come from a legitimate company, these emails are less likely to be flagged as spam than emails sent from any random address.
As in the previous versions of this scam, the invoices may look legitimate at first glance. They have a Geek Squad logo and mention its parent company, Best Buy.
This specific scam email variant has the subject line:
Invoice 6520091735 from Geek_Squad® +1 813 776 1450
And the body of the email reads as follows:
Your invoice from Geek_Squad® +1 813 776 1450
Hi ,
Thank you for choosing Geek_Squad® +1 813 776 1450. Please see attached invoice due upon receipt.
Invoice Number: 6520091735
Service Date:
Invoice Date: Jan 17, 2024
Service Address:
Note that the service address is left blank. The remainder of the email contains the text of the invoice.
As in the other versions of this scam, the phone number to call to contest the charge is staffed by fraudsters. We called one of these call centers last year to see how they worked. The scammers tell callers to download a “Secure Support App.” If someone installs this app, scammers may trick victims into leaving the support connection open while logged into their online banking account; thus the scammer can steal money from the victim. Moreover, they may be able to exfiltrate data from your computer, or plant malware to give the attacker further access later on.
Many people will fall for this scam. They could have important data, such as usernames and passwords, exfiltrated from their devices; the software they download allows the scammers to take control of their computers. In some cases, the scammers may even steal money directly from their bank accounts.
One difference with the scam this time is the use of phone numbers with the 813 area code; this happens to be associated with the Tampa, Florida area. However, this doesn’t mean the scammers are located there. The number forwards to a call center, which may not even be located in the United States. Previous versions of this scam used toll-free numbers. The area code alone should be suspicious, unless you happen to live in Florida.
Not everyone lives near or shops at a Best Buy. But if you have bought something recently from one of their stores, you might not be surprised to see such an email. And you might react to it, thinking that the company is trying to sell you a subscription to a service you never agreed to. The prices on these invoices are high enough to make people upset and act rashly.
Best Buy is obviously not responsible for this scam. However, the companies who let scammers issue fraudulent invoices have some culpability. For large companies like Intuit and PayPal, it might be difficult to manually police this sort of thing. But at the same time, companies of that size also likely have the resources to develop automated methods to detect and stop such fraud, if they really wanted to. Meanwhile, the scammers find new services to exploit, or new ways to exploit a service they’ve used in the past to generate or send fake invoices.
Beware of any email of this sort, especially if it doesn’t contain your full name and home address. You don’t owe Best Buy anything, and can safely delete these emails if you’d like to. Or better yet, you can follow our guide below on how to report scam emails to the authorities.
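For anyone triaging a shared mailbox or a mail gateway, the traits of this variant described above (a brand name and callback number in the sender name and subject, an empty greeting, a blank service address) can be checked mechanically. The following Python is an added example, not code from Intego: the sender address, the `BRAND_DOMAINS` allowlist and the indicator names are assumptions, and the sample message is constructed from the text quoted in this article.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRANDS = ("geeksquad", "bestbuy", "totaltech")  # brands named in the article
BRAND_DOMAINS = ("bestbuy.com",)                # assumed allowlist; adjust locally
# Phone number written with separators, e.g. "+1 813 776 1450"; a bare
# 10-digit invoice number does not match.
PHONE = re.compile(r"\+?1?[\s.-]?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}")
EMPTY_GREETING = re.compile(r"^(hi|hello|dear)[ \t]*,[ \t]*$", re.I | re.M)
BLANK_ADDRESS = re.compile(r"^service address:[ \t]*$", re.I | re.M)

# Constructed sample modelled on the email quoted above; the sender and
# recipient addresses are placeholders, not values from the real campaign.
SAMPLE = """\
From: "Geek_Squad® +1 813 776 1450" <invoices@invoicing-service.example>
To: recipient@example.org
Subject: Invoice 6520091735 from Geek_Squad® +1 813 776 1450

Hi ,
Thank you for choosing Geek_Squad® +1 813 776 1450.
Invoice Number: 6520091735
Service Date:
Service Address:
"""

def squash(text):
    """Lower-case and drop punctuation so 'Geek_Squad®' matches 'geeksquad'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def triage(raw):
    """Return the names of the indicators found in one raw email message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    claims_brand = any(b in squash(name) for b in BRANDS)
    own_domain = any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)
    checks = {
        "brand_name_from_unrelated_domain": claims_brand and not own_domain,
        "phone_in_sender_name": bool(PHONE.search(name)),
        "phone_in_subject": bool(PHONE.search(msg.get("Subject", ""))),
        "empty_greeting": bool(EMPTY_GREETING.search(body)),
        "blank_service_address": bool(BLANK_ADDRESS.search(body)),
    }
    return [label for label, hit in checks.items() if hit]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

No single indicator is conclusive; a message that trips several of them is worth quarantining or routing for manual review.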
For fake invoices that appear to have been sent through Housecall Pro, you can forward them to support@housecallpro.com.
If you get a fake invoice that appears to have been sent through Intuit, you can forward it to security@intuit.com.
For fraudulent invoices that appear to come from PayPal, you can forward them to phishing@paypal.com.
It’s also a good idea to forward scam and phishing e-mails to the U.S. Federal Trade Commission (FTC) at spam@uce.gov. Additionally, you can CC the Anti-Phishing Working Group at reportphishing@antiphishing.org. The APWG is a coalition of international law enforcement agencies and tech companies that work together to take down identity thieves and fraudsters.
If you believe you’ve fallen victim to one of these scams, inform the FTC; go to ReportFraud.ftc.gov and fill out the form. You may also find it helpful to review Intego’s video about how to report scams before submitting your report.