Threat Alert: TOAD Attack Spoofs Geek Squad Branding

• Cybercriminals have launched phishing attacks abusing Best Buy’s Geek Squad branding. 
• The phishing lures allege the recipient’s Geek Squad subscription is expiring, and they are being automatically charged for a subscription renewal. 
• The lures contain a phone number for a fake customer support line, which recipients are encouraged to call. 
• Callers to the support line are ultimately instructed in downloading remote monitoring and management software onto their computer. 

Key Actions (at Work and at Home)

• Never trust a phone number included in an email, especially if the message was not expected. Cybercriminals frequently establish phone numbers and call centers for malicious purposes. Use only trusted, verified numbers when calling to confirm claims made in emails and other messages.   
• Beware of unexpected emails that pose as support notifications or account alerts. Many people are fooled by fraudulent customer service emails and are tricked into installing dangerous software. It’s critical to confirm account alerts at the source, outside of email.  
• Report ANY suspicious emails using the Phish Alarm button. Remember: Our organization occasionally sends phishing simulations.