Geek Squad Renewal Scam
An email with Best Buy’s logo announces your Geek Squad Total Tech support plan has automatically renewed for $399. You don’t remember signing up for that. The email says to call a number within 24 hours to cancel. You call. The person who answers is not Best Buy. They will spend the next 30 minutes getting remote access to your computer and your bank account.
What Is the Geek Squad Renewal Scam?
The Geek Squad renewal scam is a tech support fraud that uses a fake subscription renewal notification as bait to lure victims into calling a scam phone number. Best Buy’s Geek Squad brand is one of the most widely impersonated in the United States — recognized by tens of millions of Americans who have purchased electronics or service plans from Best Buy, making the fake renewal feel immediately plausible to a large potential victim pool.
The scam operates in two main delivery variants. The direct email variant sends a convincingly branded fake renewal notice from a spoofed or near-matching email address, with a phone number embedded in the body. The PayPal variant sends a genuine PayPal invoice for a fake Geek Squad charge — arriving from PayPal’s real servers and landing in the inbox as a legitimate email. Both variants converge on the same outcome: the victim calls a number, reaches a scammer posing as a Best Buy or Geek Squad agent, and is walked through a remote access attack.
The FTC has consistently listed tech support impersonation — with Geek Squad as one of the most reported brand names — among its top consumer fraud categories by volume. The median individual loss far exceeds the stated fake charge because the remote access that follows the phone call enables attackers to access banking apps, authorize transfers, and steal credentials across multiple accounts simultaneously.
How the Geek Squad Scam Works — Step by Step
The Renewal Email
A mass email blast reaches recipients carrying Best Buy’s blue and yellow branding, Geek Squad logo, and official-looking invoice formatting. The email states that a Geek Squad Total Tech Support plan or Protection Plan has auto-renewed — for $299, $349, $399, or $499. An order confirmation number and renewal date are included to add authenticity. A phone number is prominently displayed for cancellation, accompanied by urgency language: “If you did not authorize this charge, call within 24 hours.”
The Scam Call
When the victim calls, a professional-sounding agent answers with a Best Buy or Geek Squad greeting. They confirm the renewal charge and express apologetic concern. To process the cancellation and refund, they need to access the victim’s account — which requires either the victim’s Best Buy login credentials or, more commonly, installation of a remote access tool (AnyDesk, TeamViewer, or Quick Assist) so the “agent” can “handle the cancellation directly.”
Remote Access and Financial Theft
Once remote access is granted, the scammer navigates to the victim’s banking applications or browser-saved passwords while the victim watches what appears to be a normal support session. Some operations run an overpayment scheme — they “accidentally” deposit too much during the refund and ask the victim to send back the excess via Zelle or wire transfer. Others access bank accounts directly, authorize transfers, and withdraw funds before the session ends. The “cancellation” was never real; it was the pretext for full account access.
The Follow-Up Attack
Victims who fall for the initial call are often re-targeted. The same operation or an affiliated one calls back days or weeks later — sometimes posing as a different company, sometimes claiming to be tracking the original fraud — with a new pretext that requires another remote access session or another payment. Phone numbers identified as high-compliance targets are shared or sold between scam operations.
Red Flags in a Geek Squad Renewal Email
- A phone number is embedded in the email body for cancellation — real Best Buy renewal emails direct you to your account at bestbuy.com, not to a phone number.
- The sender email domain is not @bestbuy.com — look past display names; the actual sending address will be a different domain.
- You have no Geek Squad subscription — or the described plan, amount, or renewal date does not match anything in your actual Best Buy account.
- The charge amount is a round number in the $299–$499 range — the most common fake renewal amounts are calibrated to feel expensive enough to act on but not so large as to seem implausible.
- The email creates urgency with a tight response window — “call within 24 hours or the charge will be final” — real subscription cancellation policies provide reasonable notice periods.
- Any request for remote computer access during the “cancellation” call — Best Buy’s actual customer support does not require remote access to process a subscription cancellation.
💡 The 30-Second Check That Ends Every Geek Squad Scam
Open a new browser tab and type bestbuy.com. Log into your account. Go to Account → Memberships & Protections. If no Geek Squad plan matching the renewal notice exists in your account, the email is fraudulent — decline to pay anything and report it. This check takes under 30 seconds and makes the entire scam irrelevant without ever calling a number or clicking a link in the email.
Why Tech Brand Impersonation Is So Effective
Geek Squad, Norton, McAfee, and Microsoft are among the most impersonated brands in tech support fraud for a specific reason: their services are invisible. Unlike a subscription to a streaming service where you would immediately notice if it was activated, a computer protection or tech support plan is something most consumers accept as “running in the background” without regular visible confirmation. When a renewal email arrives for such a plan, recipients cannot immediately rule out having set it up and forgotten — particularly for older adults who may have had assistance setting up their devices.
This plausible uncertainty is the foundation that all tech brand impersonation scams build on. The recipient’s inability to immediately and confidently say “I definitely never signed up for this” is what makes them pick up the phone instead of deleting the email. Scammers calibrate the fake charge amount and the brand to maximize this uncertainty while minimizing the immediate implausibility that would cause recipients to dismiss the email without engaging.
Remote Access in a Scam Call Means Full Account Exposure
Once a scammer has remote access to your computer, they can see every saved password, every open account, and every financial app. Identity theft protection services that monitor for account takeover and dark web credential exposure catch the downstream effects of these attacks — even when you don’t realize the damage until later.
See Our Identity Theft Protection Rankings →What To Do If You Called the Number or Granted Remote Access
- Disconnect from the internet immediately — unplug ethernet or turn off Wi-Fi to end any active remote session before anything else.
- Change your email password first from a different device — email access enables resets of every other account, so it is the highest-priority credential to secure.
- Change passwords for your bank, PayPal, and any financial account — assume all browser-saved passwords on the affected device are compromised.
- Contact your bank immediately and review recent transactions — report any unauthorized transfers and request a freeze on outgoing transactions while you investigate.
- Run a full antivirus scan on the affected computer — the remote session may have installed keyloggers or backdoor access tools.
- Report to the FTC at reportfraud.ftc.gov and Best Buy’s fraud team at abuse@bestbuy.com — Best Buy actively investigates Geek Squad impersonation and may have additional resources for victims.
- Report to the FBI at ic3.gov if financial losses occurred — tech support fraud involving remote access is investigated at the federal level.
