IsThisAScam
HomeBlogPricingAboutHistoryAPIExtension
Upgrade
EN
Sign in
Sign in
IsThisAScam

Independent scam & phishing analysis. Free for individuals. APIs for developers.

© 2026 Zeplik, Inc.
1111B S Governors Ave, Dover, DE 19904
+1 (838) 221-7030
[email protected]
Product
  • Home
  • Blog
  • Pricing
  • About
  • Methodology
  • History
  • Chrome Extension
Resources
  • Developers
  • API Docs
  • Website trust reports
  • Scam type briefs
  • How-to guides
  • Scam glossary
  • Compare tools
  • Apple scams
  • PayPal scams
Legal
  • Privacy Policy
  • Terms of Service
  • [email protected]

© 2026 Zeplik, Inc. All rights reserved.

Built for the calm, the cautious, and the careful.

IsThisAScam is a Zeplik product. Explore our other tools: Arteza (AI image and video), OptiPix (privacy-first image tools).

Home/Blog/Scam Alerts
Scam Alerts

Geek Squad Scam Email: The Fake Renewal Invoice Explained

By IsThisAScam Research TeamPublished July 2, 20264 min read
Contents
  1. Anatomy of the Fake Invoice
  2. What Happens When You Call
  3. How to Tell It Is Fake in Ten Seconds
  4. What to Do
  5. Why Geek Squad Specifically?
  6. The Broader Pattern

The Geek Squad scam email is a fake renewal invoice claiming that your Best Buy Geek Squad protection plan or antivirus subscription has auto-renewed for a large amount — commonly $299 to $499 — and instructing you to call a phone number if you want to cancel. There is no subscription and no charge. The invoice exists purely to make you dial the number, where a scam call center walks you into installing remote-access software and losing real money through a fake refund. It has been one of the most reported impersonation scams in FTC consumer alerts for years.

Anatomy of the Fake Invoice

The emails follow a recognizable template:

  • An alarming subject line: "Your Geek Squad subscription has been renewed," "Payment confirmation #GS-8837710," or "Thank you for your order."
  • A plausible-looking invoice body, often a PDF attachment or an image, listing a plan name, an invoice number, a renewal date of today, and a charge of several hundred dollars.
  • A tight deadline: "The amount will be debited from your account within 24 hours."
  • One and only one remedy: a toll-free "customer support" or "cancellation department" phone number. There is usually no link to click at all — which, counterintuitively, helps the email evade filters trained to inspect URLs.
  • A sender address that does not match: the display name says "Geek Squad" but the actual address is a random Gmail, Outlook, or lookalike domain. In some variants scammers send the fake invoice through legitimate invoicing services so the email authenticates cleanly — the same trick as the PayPal invoice scam.

Think it might be a scam?

Paste it here for a free, instant verdict.

No signup · 6 detection layers · Results in seconds · Cmd+Enter

What Happens When You Call

  1. Confirmation of the fake charge. A polite "agent" looks up your invoice number and confirms the renewal — manufacturing panic, then offering relief: "I can process your cancellation and refund right now."
  2. The remote-access request. To "process the refund," they ask you to install a screen-sharing tool such as AnyDesk, TeamViewer, or UltraViewer. This is the moment the scam becomes dangerous. Once connected, they can see everything you do and control your machine.
  3. The refund overpayment trick. They have you log into your online banking "to receive the refund." Using screen control and simple page edits — or by quietly moving your own money between your accounts — they make it appear they refunded too much: "I sent $3,500 instead of $350! I'll lose my job. Please send the difference back."
  4. The payback demand. The "excess" was always your own money. But believing they are correcting an error, victims are pressured into buying gift cards and reading the codes aloud, wiring funds, sending crypto, or even mailing cash. Some crews also harvest saved passwords and card numbers while connected. Gift cards feature constantly because they are instant and irreversible — see our gift card scam guide for why.

Older adults are targeted disproportionately, and losses per victim are among the highest of any email scam category because the phone conversation lets scammers apply live, adaptive pressure for an hour or more.

How to Tell It Is Fake in Ten Seconds

  • You do not have a Geek Squad subscription. Most recipients never did. An invoice for a service you never bought is not a billing mistake; it is bait.
  • Check the real sender address, not the display name. Best Buy email comes from bestbuy.com addresses, not free webmail accounts.
  • Real companies do not demand a phone call to cancel. Genuine subscriptions are managed in your online account, and real renewal receipts reference the card actually charged.
  • Check your card and bank statements. No pending charge exists. The "debit within 24 hours" threat is fiction — the scammers do not have your payment details. Getting them is the whole point of the call.

What to Do

  1. Do not call the number, and do not reply. Replying confirms your address is live and invites follow-ups.
  2. Report and delete. Forward the email to [email protected] and to the FTC at reportfraud.ftc.gov, then delete it.
  3. If you called but paid nothing, you are likely fine — but expect more calls; they now know you engage. Block the number.
  4. If you installed remote software, disconnect from the internet, uninstall the tool, run a full malware scan, change your banking and email passwords from a clean device, and watch your accounts closely.
  5. If you sent money, contact your bank or card issuer immediately to attempt a recall or dispute, report gift card numbers to the card issuer, and file reports with the FTC and the FBI's IC3. Partial recovery is possible if you act within hours.

Why Geek Squad Specifically?

Scammers pick Geek Squad for the same reason they pick Norton and McAfee: it is a tech-support brand that plausibly bills annually, that many households vaguely remember interacting with at some point, and whose subscription terms few people track closely. A $399 renewal from a service you half-remember is exactly ambiguous enough to make calling "just to check" feel reasonable — and the call is the trap. The scam also self-selects for less technical victims: people confident about managing subscriptions online simply log into their Best Buy account, see nothing, and delete the email, while those who prefer to resolve things by phone dial the scammer's number. If you help older family members with technology, this specific email is worth warning them about by name, along with the rule that no real company fixes billing problems via remote access to your computer.

Related reading:

  • PayPal Invoice Scam: Why Real PayPal Emails Can Be Fraud
  • Crypto Recovery Scams: When Victims Get Scammed Twice
  • Tech Support Scams: How They Work and How to Avoid Them

The Broader Pattern

Geek Squad is just the most popular costume. Identical fake-renewal invoices circulate under Norton, McAfee, PayPal, and Amazon branding, and they all share one engine: a scary charge, a phone number, remote access, and a fake refund. Learn the shape once and you are immune to every variant. For the underlying techniques, see our phishing scams hub.

Not sure whether a renewal invoice in your inbox is real? Paste it into IsThisAScam.to for a free, instant analysis — it checks the sender, the language, and known scam templates in seconds.

Received something suspicious? You can check if an email is a scam in seconds with our free 6-layer scanner. Read our full guide to tech support scams for tactics, examples, and reporting steps.

Share this article
XLinkedInFacebookWhatsApp
geek squadbest buyinvoice scamrefund scamremote access
Related Articles
Scam Alerts4 min

PayPal Invoice Scam: Why Real PayPal Emails Can Be Fraud

Scam Alerts4 min

Crypto Recovery Scams: When Victims Get Scammed Twice

Guides4 min

Tech Support Scams: How They Work and How to Avoid Them

CHROME EXTENSION

Stop scams before you click

Scans emails in Gmail automatically. Right-click any link to check it. Warnings appear before you reach dangerous sites.

Add to Chrome — Free →

One-click install · No account needed · Works with Gmail

PRO

Need more than 5 scans a day?

Pro gives you 200 scans/month, detailed AI analysis, 30-day history, and the Chrome extension for $2.99/mo.

See pricing →

Check any suspicious message

Six detection layers. Instant verdict. Free.

No signup · 6 detection layers · Results in seconds · Cmd+Enter