Fact Check

Best Buy Scam

Does Best Buy need you to submit your credit card information to validate a purchase?

Published Jun 18, 2003


Claim:   Best Buy needs you to submit your credit card information to confirm a possibly fraudulent transaction.

Status:   False.

Example:   [Collected on the Internet, 2003]

BestBuy Order #1095619. Fraud Alert.

Dear customer,

Recently we have received an order made by using your personal credit card information.

This order was made online at our official BestBuy website on 06/17/2003. Our Fraud Department has some suspicions regarding this order and we need you to visit a special Fraud Department page at our web store where you can confirm or decline this transaction by providing us with the correct

This e-mail address has been taken from National Credit Bureau.

Click the link below to visit a special Fraud Department page to resolve the cause of the problem.


Item No: 73890
CDA-9815 In-Dash CD Player/Ai-Changer Controller
Price: $387.65 Qty: 2 Total: $775.3

The order listed above has not yet been processed.
The reason for the delay in processing your order is:


- Information provided:
Staten Island, NY 10306
United States
phone# 206-337-9843

In our effort to deter fraudulent transactions, we need your help in
providing us with the correct information. Your prompt response is needed
to avoid any unauthorized charges to your credit card.

Click the link below to visit a special Fraud Department page to resolve
the cause of the problem.

Origins:   Like the PayPal scam, this message is a trap set to lure the unwary into disclosing their credit card information to strangers who would like to put that information to profitable (and illegal)


This scam comes in the guise of a message supposedly mailed out by Best Buy, the giant retail electronics chain, claiming that the recipient's credit card has been used for an on-line purchase of merchandise to be shipped to an unverified address. (Most merchants will not ship an order placed over the phone or via the web to an address other than the one listed as the customer's billing address in the credit card issuer's record without additional verification of identity. This stops credit card thieves from ordering piles of merchandise and having it shipped elsewhere, leaving the credit card holder completely unaware that his card or number is in the hands of crooks until it's too late.)

Of course, Best Buy has nothing to do with the sending out of this warning, and the information about an unauthorized charge is false. The message is bait intended to lure the reader into clicking the provided link, which takes the reader not to Best Buy's site, but to a faux Best Buy page on a completely different site which asks the user to input his credit card number and other personal information. Information thus entered can then be harvested by the scammers to use for all sorts of illicit transactions.

The giveaways to this scam are that:

  • There is no such organization as the "National Credit Bureau."
  • The major national credit bureaus (Equifax, Trans Union and Experian) do not maintain databases of e-mail addresses which they provide to merchants to help validate transactions. A merchant needing to verify a credit card transaction would contact the financial institution that issued the card in order to obtain more information.
  • The link embedded in the message does not take the user to a "special Fraud Department page" on Best Buy's site, but to a page hosted under a completely different domain name (such as digitalgamma.com or your-instant-credit-reporter.org)
  • The message did not issue from an "@bestbuy.com" address (or the address of any company which performs services on behalf of Best Buy).

Best Buy sent the following message to registered customers and posted a similiar notice on their web site:

Subject: Official Notification from Best Buy


Late Wednesday afternoon, June 18, 2003, Best Buy became aware of an unauthorized and deceptive e-mail to consumers titled "Fraud Alert." That e-mail message, which requested personal information (i.e., social security and credit card numbers), claimed to come from the BestBuy.com
Fraud Department. That message was NOT from Best Buy or any of our affiliates.

Best Buy is working with the appropriate law enforcement authorities to quickly resolve the situation. We are working to shut down sites affiliated with that unauthorized e-mail and Best Buy will work with law enforcement authorities to prosecute any perpetrators involved in this illegal act to the fullest extent of the law. If you replied to the fraudulent e-mail in any way, contact your bank and/or credit card companies immediately.

No Best Buy systems have been compromised, and our online business is secure. The privacy of your personal information is of the utmost importance to Best Buy and any information you provide to us is handled according to our Privacy Policy.

As part of the preparation for the relaunch of BestBuy.com, online purchasing will be temporarily unavailable beginning Friday, June 20; however, our product information and helpful resource articles will still be available. Rest assured, the fraudulent e-mail will not affect the launch of our redesigned Web site.

If you have any questions, call Customer Care at 1-888-BEST BUY (237-8289) or visit our Online Pressroom.

To find out more about protecting your information, visit the Federal Trade Commission's Identity Theft Web site at www.consumer.gov/idtheft.

Last updated:   5 January 2008

  Sources Sources:

    Reuters.   "Best Buy Warns About Deceptive E-Mail."

    18 June 2003.

David Mikkelson founded the site now known as snopes.com back in 1994.

Article Tags