Geek Squad Scam claims your subscription will be renewed
Contents
Geek Squad Email Scam is a newly discovered email spam campaign designed to confuse the recipients and trick them into calling a number provided. The email contains a subject line stating “Transaction Confirmation” and its contents suggest that the user’s subscription to Geek Total Protection has been renewed “as per electronic consent” allegedly provided by the computer user. The email also falsely claims that a high amount of money, for example, $499.99 has been charged for the services. Finally, the email includes a scammer’s phone number (1+808-666-6112).
Geek Squad (Best Buy subsidiary) is a company that provides support through in-store, on-site, over the Internet via remote access, and also via telephone regarding all consumer electronics. However, this company has nothing to do with the scammers who use its name for committing fraud. Therefore, if you have received this described email, just ignore it.
Examples of Geek Squad Email Scam emails
The design of Geek Squad Email Scam campaigns is similar, and so are the messages from the criminals. Here is an example of a scam that claims the user will be charged $579.99 for a 3-year subscription. The number provided by the scammers is 1-888-695-6573.
We Are Renewing It For You
Dear Customer Your Personal Subscription With Geek Squad Will Expire Today. The Subscription Will Be Auto Renewed. Hope Your Are Happy With The Services.
Another scam claims the user will be charged $399.99 due to auto-renewal of plan for 2 years. The scammers also include a fake order summary and provide a hotline phone number – 1-888-738-8146.
Dear Customer
Thank you for choosing our services. We are reaching out to remind you that your computer Protection Annual subscription has expired and Auto-Renewed today.
We would like to thank you for the completion of the maintenance plan.
You can see screenshots of these scam emails below.
As it can be seen from these examples, the scammers are trying to replicate the design of the real Geek Squad Emails as they include the official logo and promotional banners used by the company. These emails usually claim that a certain amount of money will be deducted from the user’s bank account, which causes fear for the target and prompts them to call the phone number provided.
What may happen if you call the scammers
If the victim gets caught on the scammer’s hook and believes that the claims provided by the Geek Squad Email are real, one might try contacting the company via provided number. The victims rush to get some explanation on why they have been charged – sometimes even without checking their bank balance first.
After calling the provided number, the victim will be greeted by a scammer who will pretend to be a Geek Squad’s employee. From this point, there are many scenarios that the scammer has prepared in advance. Therefore, it can go in variety of ways. For example, the scammer might try to swindle valuable information from the victim – including full name, credit card details, social security number, and other data.
In other scenarios, if the victim insists on cancelling the subscription, they might request a cancellation fee to be paid to them.
On top of that, the scammer might create stories why the victim needs this subscription or claim that there was a problem detected on victim’s computer or home network. At this point, they may request to connect to victim’s computer remotely. They may detect an issue, pretend to fix it and require payment for applying the “fix.”
After gaining remote access to victim’s PC, the crooks may also silently install malware on the computer. If this is the case, you may want to use a robust antivirus solution to remove the malware and then download RESTORO to repair virus damage on Windows OS files. Below this scam description, we have provided instructions how to delete malware easily using Safe Mode with Networking on Windows.
Threat Summary
| Name | Geek Squad Email Scam |
| Type | Email Scam, Phishing, Telephone Scams |
| Email subject line | Transaction Confirmation, Your Order Receipt From [date], Check Your Invoice, Thank You |
| Deceptive statement | We have renewed your subscription as per your electronic consent. This email is to inform you that an amount of $499.99 has been charged for the services. |
| Scammers’ email addresses | imocor@consulnetti.com |
| Contact phones | +1-808-666-6112, 1-888-738-8146, 1-888-695-6573 and others |
| Potential damage | After communicating with the scammers via email, the victim may be tricked into revealing personal information, credit card details, or credentials to remotely access one’s computer. As a consequence, the criminals might actually swindle money from your or even drop malware on your computer. |
| Distribution | Email spam campaigns |
| Removal | If you suspect that scammers dropped malware on your computer via remote desktop connection, remove it from your PC using trustworthy software. To repair virus damage on Windows OS files, consider scanning with RESTORO (secure download link). |
REPAIR VIRUS DAMAGE
Scan your system for FREE to detect security, hardware and stability issues. You can use the scan results and try to remove threats manually, or you can choose to get the full version of software to fix detected issues and repair virus damage to Windows OS system files automatically. Includes Avira spyware/malware detection & removal engine.
How to identify and avoid phishing emails
In general, scammers use phishing emails to extract sensitive information or gain remote access to victim’s computer to perform some illegal actions on it. The analysis of such emails over time showed that threat actors use similar patterns of deceptive social engineering tactics. Let us provide you with some tips on how to recognize such emails and avoid them.
- Do not trust that the sender’s email is legitimate – it might be spoofed. If you have some concerns regarding the email you just received, but the sender’s email appears to be coming from a well-known company or a person – check if it wasn’t spoofed. Email spoofing is a technique that allows the attacker to display a different sender’s email for the recipient rather than the original one.
- Look out for urgent calls for action or threats. Scammers try to create a false sense of urgency to trick the target into acting without thinking. They seek to force the victim to search for solution to avoid potential problems described in the email even without checking the facts or researching the credibility of the sender’s statements.
- Check for text errors. Scammers rarely know a thing about perfect grammar. Although they try their best to compose convincing emails that also include backgrounds, images and logos, it is still easy to spot that the email wasn’t sent by a reputable company since there are some easily noticeable typographical, spelling, preposition or punctuation errors.
- Inspect the greeting line. Most of scam emails are sent out using automatic tools that are programmed to insert the recipient’s name using the prefix part of the email address. That said, you should know that legitimate companies usually know your real first and last name and address you by your full name. For instance, if your email address is sunflower99@exampleemail.com, the scammer most likely will greet you with “Dear Sunflower99” or similar line rather than using your real name. Likewise, some scammers simply use “Dear valued customer” or “Dear Sir/Madam” when addressing potential victims.
- Ask yourself if you have any connection with the sender of the email. For example, think whether you have ordered any products or services from the respective online store that the email sender claims you did so. If you didn’t, do not interact with the email attachments, links, and do not call numbers provided in it. If you want to investigate further, find the company’s contact information online rather than using those provided by the suspected spammer. Reach out to the company and ask if it has sent you this email.
- Do not rush to click on links or open email attachments. Lastly, avoid interacting with URLs or files attached to the email. Phishing emails often include attachments that seem to be regular documents. Unfortunately, they may contain scripts that are used to download and run malware on victim’s computer. In general, if you are sure that the email isn’t dangerous and you want to open the attached file, make sure you do not open it directly, but save it and scan with an antivirus first.
Remove malware from your computer
In case you have had interactions via telephone with scammers and even worse, if you were tricked to provide remote desktop connection to your computer, we strongly advise that you scan your PC with a robust antivirus solution to remove malware and other threats that may have been installed by the criminals. You can find a comprehensive and free tutorial below.
OUR GEEKS RECOMMEND
Our team recommends removing malware using a professional antivirus software and then using the following tool to repair virus damage to Windows system files:
REPAIR VIRUS DAMAGE TO YOUR COMPUTER
RESTORO provides a free scan that helps to identify hardware, security and stability issues and presents a comprehensive report which can help you to locate and fix detected issues manually. It is a great PC repair software to use after you remove malware with professional antivirus. The full version of software will fix detected issues and repair virus damage caused to your Windows OS files automatically.
RESTORO uses AVIRA scanning engine to detect existing spyware and malware. If any are found, the software will eliminate them.
Read full review here.
GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more.
malware Removal Guidelines
Method 1. Enter Safe Mode with Networking
Step 1. Start Windows in Safe Mode with Networking
Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot PC in Safe Mode with Networking, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode. Also, see a video tutorial on how to start Windows in Safe Mode:
Instructions for Windows XP/Vista/7 users
- First of all, turn off your PC. Then press the Power button to start it again and instantly start pressing F8 button on your keyboard repeatedly in 1-second intervals. This launches the Advanced Boot Options menu.
- Use arrow keys on the keyboard to navigate down to Safe Mode with Networking option and press Enter.
Instructions for Windows 8/8.1/10 users
- Open Windows Start menu, then press down the Power button. On your keyboard, press down and hold the Shift key, and then select Restart option.
- This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
- In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Networking. In this case, it is the F5 key.
Step 2. Remove files associated with the virus
Now, you can search for and remove malware files. It is very hard to identify files and registry keys that belong to the virus, Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall such type of a computer virus is to use a reliable malware removal program. We recommend using SYSTEM MECHANIC ULTIMATE DEFENSE , which can also restore deleted files. Additionally. we recommend repairing virus damage using RESTORO.
Special Offer
Compatibility: Microsoft Windows
See Full Review
RESTORO is a unique PC Repair Tool which comes with an in-built Avira scan engine to detect and remove spyware/malware threats and uses a patented technology to repair virus damage. The software can repair damaged, missing or malfunctioning Windows OS files, corrupted DLLs, and more. The free version offers a scan that detects issues. To fix them, license key for the full software version must be purchased.
Method 2. Use System Restore
In order to use System Restore, you must have a system restore point, created either manually or automatically.
Step 1. Boot Windows in Safe Mode with Command Prompt
Instructions for Windows XP/Vista/7 users
- Shut down your PC. Start it again by pressing the Power button and instantly start pressing F8 button on your keyboard repeatedly in 1-second intervals. You will see Advanced Boot Options menu.
- Using arrow keys on the keyboard, navigate down to Safe Mode with Command Prompt option and press Enter.
Instructions for Windows 8/8.1/10 users
- Launch Windows Start menu, then click the Power button. On your keyboard, press down and hold the Shift key, and then choose Restart option with the mouse cursor.
- This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
- In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Command Prompt. In this case, press F6 key.
Step 2. Start System Restore process
- Wait until system loads and command prompt shows up.
- Type cd restore and press Enter, then type rstrui.exe and press Enter. Or you can just type %systemroot%system32restorerstrui.exe in command prompt and hit Enter.
- This launches System Restore window. Click Next and then choose a System Restore point created in the past. Choose one that was created before the malware infiltration.
- Click Yes to begin the system restoration process.
After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won't be any malware remains, but it never hurts to double-check.
Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.
Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.
Latest email 9/13/2022 – I have received several emails in the past year from, what appeared to be Geek Squad. The person it is directed to is “Rose” which is not my name. No one in my family is named Rose. It informs “Rose” that her 5 year membership has been renewed for $670.99. It contains a customer #, transaction #, and the order #. The email looks very legitimate but it is not. I have never subscribed to or been affiliated with Geek Squad. Do not reply directly to the email. Do not click on any link (including “unsubscribe”), Do not call the included phone number.
For one thing, even if they did have such a subscription it sure as hell wouldn’t be $399. lol. I thought there would be a virus link, but instead it was scam by phone. So I searched and found the scam explained just as I thought I would.
These India people are very bad. Horrible.
Helpline number 302 403 0062. Someone picked up and wanted to get access to my computer and I have to hang up
I hate to admit it but I got bitten by this scam.
First I got an email saying they were auto renewing my subscription for three years for $349.99 and they would be charging my credit card within 24 hours. . They also attached an invoice from Best Buy / Geek Squad.
I was incensed and called the number on the invoice 1-802-214-8338. I told them I DID NOT authorize this charge. I truly thought I was talking to Best Buy / Geek Squad.
At that point they started to reel me in.
The rest is a nightmare. He took over my computer, had access to all of my personal information and I am sure I will still have problems with identity theft.
He took me for over 10,000.00.
On the good side my bank, after their investigation, will probably refund the money I lost but I am still working on filling a claim with the FBI or assisting my bank with filing. Need to talk to them tomorrow or Tues.
mailto:hannawareuilb@gmail.com
Phishing Scam
Now they are using a mail Adresse drin ICloud. I recieved a mail yesterday with a attached bill (PDF), which I have ooened. About 245 Dollars.
The email adress was: Lily.sheppard44[@]icloud.com
Just got a text with the 888-576-9533 number
The number on the email I received was 802-321-0108, FYI
I just got a call saying geek squad auto-renewal for $369 would go into effect if i just hung up. Or Press 1 to talk to someone. I hung up and am hoping there will be no charges anywhere for it. I will watch all accounts. the number that caller ID showed was 757-962-9061. probably a spoofed number, comes back to a regular person in Virginia.