E-mail scam makes Best Buy scramble

The retailer moves to limit damage from an e-mail scam that links to a look-alike Web site to try to persuade consumers to give up their credit-card information.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
2 min read
Best Buy moved on Thursday to limit damage from an e-mail scam that sent potential victims to a look-alike Web site in an attempt to persuade them to give up their credit-card information.

The Minneapolis-based electronics and consumer-goods chain consulted with both the Federal Trade Commission's identity-theft group and federal and state law enforcement to try and track down those responsible for an e-mail message that apparently started circulating Wednesday.

"The clear message we are trying to send is it is not from Best Buy," company spokeswoman Lisa Hawks said.

The e-mail tells a recipient that an order made on BestBuy.com used the person's credit-card information, and it asks the recipient to follow a link to the company's page for its fraud department. The link actually goes to a different Web site, which masquerades as Best Buy's site and requests personal information.

Instances of the scam e-mail, sent to CNET News.com by readers, show that different Web sites are being used to host the ploy. Two different links were found, indicating that a single perpetrator is trying to stay ahead of the Internet service providers or that a copycat has started using the message. Both sites had been taken down by their hosting providers as of Thursday morning.

The BestBuy.com disguise is new, but the scam is old. E-mail messages that refer recipients to Web sites that masquerade as legitimate e-commerce sites have targeted customers of PayPal, eBay, Wells Fargo Bank and others.

Employees of law firm Gray Cary have wised up to such scams, said Don Jaycox, chief technology officer for the firm. Despite dozens of employees receiving the bogus Best Buy e-mail, none reported falling for it.

"We have trained all our people to be distrustful of things they get in e-mail," Jaycox said. "Our advantage is that they listen to the warnings."

Best Buy's Hawks said that the company hadn't yet heard of anyone falling for the scam, but warned that Best Buy has its work cut out for it in notifying potential victims.

"It's not just Best Buy customers, necessarily, it is Joe Consumer," Hawks said. "That's why we are being proactive about getting the word out."