Best Buy 'Fraud Alert' Email Scam
An email claiming to be a 'Fraud Alert' from Best Buy is actually a scam designed to trick people into divulging their personal information to identity thieves via bogus Websites.
Circulating since: June 2003
Email example contributed by J. Drucker, June 18, 2003:
Subject: BestBuy Order #1095619. Fraud Alert.
Recently we have received an order made by using your personal credit card information.
This order was made online at our official BestBuy website on 06/17/2003. Our Fraud Department has some suspicions regarding this order and we need you to visit a special Fraud Department page at our web store where you can confirm or decline this transaction by providing us with the correct information.
This e-mail address has been taken from National Credit Bureau.
Click the link below to visit a special Fraud Department page to resolve the cause of the problem.
- UNVERIFIED SHIPPING ADDRESS
- Information provided:
In our effort to deter fraudulent transactions, we need your help in providing us with the correct information. Your prompt response is needed to avoid any unauthorized charges to your credit card.
Analysis: Ironically, the above message purporting to warn recipients of fraudulent activities is itself a scam designed to trick you into revealing personal information, including your home address, telephone number and credit card number, to identity thieves. Do NOT visit the site linked from the email, nor fill out any forms you find there. The "Fraud Department" page may look like it belongs to the official BestBuy.com Website, but it does not.
A recorded message on Best Buy's toll-free customer service line (1-888-BESTBUY) says the company became aware of the "unauthorized hoax email" on Wednesday, June 18 and is currently investigating its origin. "We urge you not to provide information in response to it," the recording continues. "If you have already provided information in response to this email, contact your bank or credit card company immediately."
Judging from the large number of copies forwarded to me by readers in the space of a few hours, this email was spammed far and wide on June 18 (including outside the U.S.). At least three different dummy Websites (probably more) were set up to resemble BestBuy.com with fill-out forms requesting detailed personal information. "The site was an excellent replica of the Best Buy site and was apparently up for about an hour," wrote a reader who visited one of the ersatz pages. "As of 2:47 pm PST, this page was pulled down - about 15 minutes after I accessed it." When I visited a different address linked from another copy of the email later the same day, it was still operational.
This is only the most recent outbreak of an Internet scam that has been around for years, previously targeting customers of such companies as America Online, Earthlink and PayPal. Users should always be wary of attempts by others to gather their private information online. Always check hyperlinks to make sure they're sending you where they claim to be sending you (which you can do, for example, by positioning your cursor over the link and checking the destination URL that appears in the status bar at the bottom of your browser). In the present case the link as it appears in the email seems to go to www.BestBuy.com/fraud_department.html (a page which never existed in the first place), but actually sends users to a Website with a completely different domain name, not to mention a completely different agenda.
Update: FTC: Thousands May Have Become Identity Theft Victims
Email This Article
Sources and further reading:
Best Buy Alerts Consumers of Fraudulent Spam Email
Best Buy press release, 18 June 2003
PayPal Users Hit with Another Scam
PC World, 6 March 2003
Internet Scams Top Consumer Fraud
PC World, 23 Jan 2003
Last updated: 06/18/03