Claim: Best Buy needs you to submit your credit card information to confirm a possibly fraudulent transaction.
Example:[Collected on the Internet, 2003]
BestBuy Order #1095619. Fraud Alert.
Recently we have received an order made by using your personal credit card information.
This order was made online at our official BestBuy website on 06/17/2003. Our Fraud Department has some suspicions regarding this order and we need you to visit a special Fraud Department page at our web store where you can confirm or decline this transaction by providing us with the correct
This e-mail address has been taken from National Credit Bureau.
Click the link below to visit a special Fraud Department page to resolve the cause of the problem.
The order listed above has not yet been processed.
The reason for the delay in processing your order is:
- UNVERIFIED SHIPPING ADDRESS
- Information provided:
41 WINHAM ST
Staten Island, NY 10306
In our effort to deter fraudulent transactions, we need your help in
providing us with the correct information. Your prompt response is needed
to avoid any unauthorized charges to your credit card.
Click the link below to visit a special Fraud Department page to resolve
the cause of the problem.
Origins: Like the PayPal scam, this message is a trap set to lure the unwary into disclosing their credit card information to strangers who would like to put that information to profitable (and illegal)
This scam comes in the guise of a message supposedly mailed out by Best Buy, the giant retail electronics chain, claiming that the recipient's credit card has been used for an on-line purchase of merchandise to be shipped to an unverified address. (Most merchants will not ship an order placed over the phone or via the web to an address other than the one listed as the customer's billing address in the credit card issuer's record without additional verification of identity. This stops credit card thieves from ordering piles of merchandise and having it shipped elsewhere, leaving the credit card holder completely unaware that his card or number is in the hands of crooks until it's too late.)
Of course, Best Buy has nothing to do with the sending out of this warning, and the information about an unauthorized charge is false. The message is bait intended to lure the reader into clicking the provided link, which takes the reader not to Best Buy's site, but to a faux Best Buy page on a completely different site which asks the user to input his credit card number and other personal information. Information thus entered can then be harvested by the scammers to use for all sorts of illicit transactions.
The giveaways to this scam are that:
There is no such organization as the "National Credit Bureau."
The major national credit bureaus (Equifax, Trans Union and Experian) do not maintain databases of e-mail addresses which they provide to merchants to help validate transactions. A merchant needing to verify a credit card transaction would contact the financial institution that issued the card in order to obtain more information.
The link embedded in the message does not take the user to a "special Fraud Department page" on Best Buy's site, but to a page hosted under a completely different domain name (such as digitalgamma.com or your-instant-credit-reporter.org)
The message did not issue from an "@bestbuy.com" address (or the address of any company which performs services on behalf of Best Buy).
Best Buy sent the following message to registered customers and posted a similiar notice on their web site:
Subject: Official Notification from Best Buy
IMPORTANT: E-MAIL HOAX NOTIFICATION
Late Wednesday afternoon, June 18, 2003, Best Buy became aware of an unauthorized and deceptive e-mail to consumers titled "Fraud Alert." That e-mail message, which requested personal information (i.e., social security and credit card numbers), claimed to come from the BestBuy.com
Fraud Department. That message was NOT from Best Buy or any of our affiliates.
Best Buy is working with the appropriate law enforcement authorities to quickly resolve the situation. We are working to shut down sites affiliated with that unauthorized e-mail and Best Buy will work with law enforcement authorities to prosecute any perpetrators involved in this illegal act to the fullest extent of the law. If you replied to the fraudulent e-mail in any way, contact your bank and/or credit card companies immediately.
As part of the preparation for the relaunch of BestBuy.com, online purchasing will be temporarily unavailable beginning Friday, June 20; however, our product information and helpful resource articles will still be available. Rest assured, the fraudulent e-mail will not affect the launch of our redesigned Web site.
If you have any questions, call Customer Care at 1-888-BEST BUY (237-8289) or visit our Online Pressroom.
To find out more about protecting your information, visit the Federal Trade Commission's Identity Theft Web site at www.consumer.gov/idtheft.
David Mikkelson founded snopes.com in 1994, and under his guidance the company has pioneered a number of revolutionary technologies, including the iPhone, the light bulb, beer pong, and a vaccine for a disease that has not yet been discovered. He is currently seeking political asylum in the Duchy of Grand Fenwick.
Thank you for writing to us! Although we receive hundreds of e-mails every day, we really and truly read them all, and your comments, suggestions, and questions are most welcome. Unfortunately, we can manage to answer only a small fraction of our incoming mail.
Our site covers many of the items currently being plopped into inboxes everywhere, so if you were writing to ask us about something you just received, our search engine can probably help you find the very article you want.
Choose a few key words from the item you're looking for and click here to go to the search engine.
(Searching on whole phrases will often fail to produce matches because the text of many items is quite variable, so picking out one or two key words is the best strategy.)
We do reserve the right to use non-confidential material sent to us via this form on our site, but only after it has been stripped of any information that might identify the sender or any other individuals not party to this communication.