An email with Best Buy’s logo announces your Geek Squad Total Tech support plan has automatically renewed for $399. You don’t remember signing up for that. The email says to call a number within 24 hours to cancel. You call. The person who answers is not Best Buy. They will spend the next 30 minutes getting remote access to your computer and your bank account.
The Geek Squad renewal scam is a tech support fraud that uses a fake subscription renewal notification as bait to lure victims into calling a scam phone number. Best Buy’s Geek Squad brand is one of the most widely impersonated in the United States — recognized by tens of millions of Americans who have purchased electronics or service plans from Best Buy, making the fake renewal feel immediately plausible to a large potential victim pool.
The scam operates in two main delivery variants. The direct email variant sends a convincingly branded fake renewal notice from a spoofed or near-matching email address, with a phone number embedded in the body. The PayPal variant sends a genuine PayPal invoice for a fake Geek Squad charge — arriving from PayPal’s real servers and landing in the inbox as a legitimate email. Both variants converge on the same outcome: the victim calls a number, reaches a scammer posing as a Best Buy or Geek Squad agent, and is walked through a remote access attack.
The FTC has consistently listed tech support impersonation — with Geek Squad as one of the most reported brand names — among its top consumer fraud categories by volume. The median individual loss far exceeds the stated fake charge because the remote access that follows the phone call enables attackers to access banking apps, authorize transfers, and steal credentials across multiple accounts simultaneously.
A mass email blast reaches recipients carrying Best Buy’s blue and yellow branding, Geek Squad logo, and official-looking invoice formatting. The email states that a Geek Squad Total Tech Support plan or Protection Plan has auto-renewed — for $299, $349, $399, or $499. An order confirmation number and renewal date are included to add authenticity. A phone number is prominently displayed for cancellation, accompanied by urgency language: “If you did not authorize this charge, call within 24 hours.”
When the victim calls, a professional-sounding agent answers with a Best Buy or Geek Squad greeting. They confirm the renewal charge and express apologetic concern. To process the cancellation and refund, they need to access the victim’s account — which requires either the victim’s Best Buy login credentials or, more commonly, installation of a remote access tool (AnyDesk, TeamViewer, or Quick Assist) so the “agent” can “handle the cancellation directly.”
Once remote access is granted, the scammer navigates to the victim’s banking applications or browser-saved passwords while the victim watches what appears to be a normal support session. Some operations run an overpayment scheme — they “accidentally” deposit too much during the refund and ask the victim to send back the excess via Zelle or wire transfer. Others access bank accounts directly, authorize transfers, and withdraw funds before the session ends. The “cancellation” was never real; it was the pretext for full account access.
Victims who fall for the initial call are often re-targeted. The same operation or an affiliated one calls back days or weeks later — sometimes posing as a different company, sometimes claiming to be tracking the original fraud — with a new pretext that requires another remote access session or another payment. Phone numbers identified as high-compliance targets are shared or sold between scam operations.
Open a new browser tab and type bestbuy.com. Log into your account. Go to Account → Memberships & Protections. If no Geek Squad plan matching the renewal notice exists in your account, the email is fraudulent — decline to pay anything and report it. This check takes under 30 seconds and makes the entire scam irrelevant without ever calling a number or clicking a link in the email.
Geek Squad, Norton, McAfee, and Microsoft are among the most impersonated brands in tech support fraud for a specific reason: their services are invisible. Unlike a subscription to a streaming service where you would immediately notice if it was activated, a computer protection or tech support plan is something most consumers accept as “running in the background” without regular visible confirmation. When a renewal email arrives for such a plan, recipients cannot immediately rule out having set it up and forgotten — particularly for older adults who may have had assistance setting up their devices.
This plausible uncertainty is the foundation that all tech brand impersonation scams build on. The recipient’s inability to immediately and confidently say “I definitely never signed up for this” is what makes them pick up the phone instead of deleting the email. Scammers calibrate the fake charge amount and the brand to maximize this uncertainty while minimizing the immediate implausibility that would cause recipients to dismiss the email without engaging.
Once a scammer has remote access to your computer, they can see every saved password, every open account, and every financial app. Identity theft protection services that monitor for account takeover and dark web credential exposure catch the downstream effects of these attacks — even when you don’t realize the damage until later.
