Is this Geek Squad renewal email a scam?

You opened your inbox and there it was. A clean-looking invoice from “Geek Squad” or “Best Buy Geek Squad Protection” thanking you for a $349 renewal, with a customer service number to call if you want to dispute the charge. You never signed up. Your card has not been billed. Your stomach is somewhere on the floor.

Yes, that email is a scam. The actual goal is not the fake renewal. The goal is that phone number.

How the trap closes after you call

If you call the number to dispute the charge, a calm agent picks up. They sound professional. They sound apologetic. They tell you they can issue a refund, but you will need to install a quick screen-sharing app so they can guide you through the form on your bank’s website. People walk through it without thinking twice, because the agent is the one who supposedly made the mistake, and you just want your money back.

Once your screen is shared, they ask you to log into your bank, then have you type a refund amount into a chat box rather than a website field. While you do that, they silently move money from one of your own accounts to another, then claim you typed the amount wrong and now they accidentally sent you too much. The shame and panic are what they are after. They lean on it to get you to send back the difference in cryptocurrency, gift cards, or a wire. The money in your account never came from them. It came from you.

This pattern shows up under many names. Norton refund. McAfee renewal. PayPal billing dispute. The Geek Squad version is the most common right now because Best Buy is a household brand and the dollar amount sits in the believable range.

What to do in the next ten minutes

Do not call the number. Do not reply. Do not click any link in the email, even the unsubscribe one. The link is part of the bait.

If you already called and did not share your screen or hand over anything, you are fine. Delete the email and move on.

If you installed any software the “agent” asked you to install, turn off your Wi-Fi, then uninstall it. On Windows, that usually means AnyDesk, UltraViewer, TeamViewer, or anything you do not remember installing yourself. On a Mac, check your Applications folder for the same names. Restart the computer afterward.

If you logged into your bank with them watching, call your bank from the number on the back of your card. Tell them you may have been part of a tech-support refund scam and ask them to flag the account, force-reset your online banking credentials, and review the last 48 hours of transfers. If your email account uses the same password as your bank, change it from a different device.

If you sent money in gift cards, hold on to the cards and the receipts. Report at reportfraud.ftc.gov and at ic3.gov. The FTC report does not trigger an investigation on its own, but it creates a paper trail that helps later.

When this is bigger than a single email

If you have already wired funds or sent crypto, the recovery path narrows quickly, and the most important next step is preserving evidence the right way before anything is deleted. Our short guide on what to save and how is at how to preserve evidence in the first 24 hours. For smaller losses where you want help walking through reports and freezing accounts, see our investigation help page. For court-grade attribution on larger or contested cases, our parent firm Rexxfield handles civil and criminal-court work.

A note on tone, because this email is designed to make you feel slow and embarrassed. You are not slow. The script has been refined against millions of inboxes, and it works on engineers, accountants, and retired federal agents. The fact that you stopped to check is the only thing that ever matters here.

— GCCI