| Best Buy 'Fraud Alert' Email Scam | |||
|
| |||
| Netlore Archive: An email claiming to be a 'Fraud Alert' from Best Buy is actually a scam designed to trick people into divulging their personal information to identity thieves via bogus Websites | |||
| |||
Email example contributed by J. Drucker, 18 June 2003:
|
Subject: BestBuy Order #1095619. Fraud Alert.
Dear customer, Recently we have received an order made by using your personal credit card information. This order was made online at our official BestBuy website on 06/17/2003. Our Fraud Department has some suspicions regarding this order and we need you to visit a special Fraud Department page at our web store where you can confirm or decline this transaction by providing us with the correct information. This e-mail address has been taken from National Credit Bureau. Click the link below to visit a special Fraud Department page to resolve the
cause of the problem.
=============================================
- UNVERIFIED SHIPPING ADDRESS
- Information provided:
In our effort to deter fraudulent transactions, we need your help in
providing us with the correct information. Your prompt response is needed to
avoid any unauthorized charges to your credit card.
=============================================
|
Comments: This message is a scam designed to trick you into revealing personal information, including your home address, telephone number and credit card number, to identity thieves. Do NOT visit the site linked from the email, nor fill out any forms you find there. The "Fraud Department" page may look like it belongs to the official BestBuy.com Website, but it does not.
Judging from the large number of copies forwarded to me by readers in the space of a few hours, this email was spammed far and wide on June 18 (including outside the U.S.). At least three different dummy Websites (probably more) were set up to resemble BestBuy.com with fill-out forms requesting detailed personal information. "The site was an excellent replica of the Best Buy site and was apparently up for about an hour," wrote a reader who visited one of the ersatz pages. "As of 2:47 pm PST, this page was pulled down — about 15 minutes after I accessed it." When I visited a different address linked from another copy of the email later the same day, it was still operational.
This is only the most recent outbreak of an Internet scam that has been around for years, previously targeting customers of such companies as America Online, Earthlink and PayPal. Users should always be wary of attempts by others to gather their private information online. Always check hyperlinks to make sure they're sending you where they claim to be sending you (which you can do, for example, by positioning your cursor over the link and checking the destination URL that appears in the status bar at the bottom of your browser). In the present case the link as it appears in the email seems to go to www.BestBuy.com/fraud_department.html (a page which never existed in the first place), but actually sends users to a Website with a completely different domain name, not to mention a completely different agenda.
More tips: How to Detect Email Scams
Update: FTC: Thousands May Have Become Identity Theft Victims
Sources and further reading:
Best Buy Alerts Consumers of Fraudulent Spam Email
Best Buy press release, 18 June 2003Email Scams You Should Avoid
About: Family Internet, 16 June 2003PayPal Users Hit with Another Scam
PC World, 6 March 2003Earthlink Scam Is a Classic
TechTV, 13 Feb 2003Email Scam Targeting AOL Users
New York State Consumer Protection Board, 10 Feb 2003Internet Scams Top Consumer Fraud
PC World, 23 Jan 2003
Last updated: 06/18/03
