As part of my website maintenance, security monitoring and backup services, one of the things I routinely do for my clients is responding to emails from them asking if an email they have received about their website or email is spam. I also recieve many of those emails on their behalf, where I am listed as the contact email (and phone number) on their website hosting account. This makes me the first line of defence against hacking attempts directed at my clients.
But if you are not (yet!) one of my clients, then here is some help figuring out if an email, phone or snail mail solicitation, invoice or ‘receipt’ is legitimate.
Some things to check to determine if a message you receive is a scam
1 Who sent it?
Check the email address the message is coming from. Is it on the same domain as the company? If you do a google search for the company, does it bring up the same domain address? If the ‘invoice’ is coming from a gmail address, unless it is a very tiny (and internet unsavvy) company, it’s not a real invoice.
Do you already do business with this company? Does the name seem familiar? If this bill is aimed at a Telus customer and you have no products with Telus, then you can safely delete it.
2 How did they send it?
If you receive an invoice by mail from an internet hosting or domain services company, you can put it in the paper recycling without reading it. It is definitely not real. Internet companies never mail you things. Scammers do this to catch folks accustomed to mailed invoices. They are never legitimate.
3 Can you verify it?
If you aren’t sure, log in to your customer account with the provider using a link *not* provided in the email, such as by searching on the company name in a search engine, and see if you are showing an amount owing. If you are not, then it is not legitimate. Call the company, again using a phone number you get by searching, not by reading the letter or email, and verify it with the real company.
Here is an example of a scam attempt I received last year
I received this email on behalf of a client.
Thank you for showing interest in our services again. Your order has been received and renewed successfully.
We have processed the amount of $399.94 against your subscription plan which will be shown on your statement shortly.
Subscription Order Summary
Customer Order Id – 921-476-8354
Renewal Date – 23 Dec, 2021
Expiration Date – 22 Dec, 2022
Order Status: Renewed
Payment Method – Direct-Debit
Geek Secure Protection Plus Device Software
Max Security Premium Plan
This annual subscription amount has been deducted as per your service agreement instructions and it will be deducted every year unless cancel by you.
In case you wish to change your payment preference or cancel the subscription, feel free to connect with our team at +1 888 612 9258
Thank you for your order!
Kind Regards ,
Geek Security Team
24*7 Helpline # +1 888 612 9258
Analyzing the Scam
This was a scam attempt that is trying to con me into calling them so they can ‘verify’ my credit card information. Here’s how I know this is a scam.
- I never bought anything from Geek Squad (which is a legitimate service offered by Best Buy)
- They don’t provide my name, the purchase date, the name of my device, the specific software they are claiming to be supporting, the store location I bought it from, the last 4 digits of the credit card I paid with, or any other information I can verify without calling them.
- The email was sent by joyjohnson9055 @ gmail.com – This is confirmation it’s a scam.
It is very likely that this email address is owned by a real person and this scammer has hijacked it to send these scam messages out, so don’t blame the owner of this address, as they are probably as unhappy with it as anyone who got taken in by this scam is. If this email had been from Bestbuy.com (the company that owns Geek Squad) with some relevant information, or my actual name, then that would have lent credibility, and I would have called or emailed them directly with a query as to whether this was legitimate and letting them know they’d made a mistake.
- A search engine search of Geek Squad email scam returns the following link reporting an almost identical scam, that the person checked out directly with Geek Squad. Another user reports that if you call, the scammer tries to get you to fill out a form on your computer and will not supply any validating information. Never give details or do anything on your computer in response to a request like this.
Here is some more information on my backup maintenance and security monitoring service for your website and email.
Photo by Pickawood on Unsplash