Best buy email scam Best Buy Notifications

Last updated on Apr 2, 2025 2 min read Cybersecurity

A few days ago, I received a strange notification email from Best Buy. At first, I assumed it was just spam. However, since it wasn’t flagged by my anti-spam filter, I decided to take a closer look, just to be sure. Upon inspecting the email, everything appeared legitimate—there were no immediate signs of it being spam. This prompted me to investigate further.

Spam Email

Spam Email Continued

After carefully analyzing the sender’s email address and the reply-to field, I confirmed that the notification email was indeed authentic and sent by Best Buy. This puzzled me, as I’m based in Belgium and don’t use Best Buy. The unexpected order notification led me to double-check all my credit cards to ensure none had been compromised.

The objective of this scam email becomes apparent when you spot the phone number included in the address field. The scammer cleverly inserted their contact number with the call-to-action:

CONFIRMATION PENDING
QUESTION'S CALL US
(888) 929-5742
Salt Lake City, UT 84105

Clicking on the link in the email to view the order status reveals that the order has already been cancelled. It’s likely that the scammer exploited Best Buy’s free cancellation policy. They placed an order, used the notification to send the scam email, and then cancelled the order shortly afterward.

Order Details

Why this scam works

This scam is particularly effective due to the following reasons:

  1. Address Field Exploitation
    There is no validation to ensure the address is legitimate. This allows scammers to insert any content they want in the address field.

  2. Lack of Email Verification
    Best Buy doesn’t verify the buyer’s email address. This makes it easy for scammers to send order notifications to any email address, even if they don’t own it.

By leveraging a genuine order notification from a trusted company like Best Buy, this scam easily bypasses most email spam filters.

How to Avoid Falling for This Type of Scam

Simply verifying the sender’s email address won’t be enough in this case. To stay safe, follow these steps:

  1. Stay Calm and Think Critically
    Don’t rush to call the first phone number you see in the email.

  2. Double-Check Your Accounts
    Carefully review your credit card and bank statements to confirm whether there’s been any unauthorized transaction.

Conclusion

Stay vigilant and cautious when receiving unexpected notifications, even if they appear to be from trusted sources. Always verify the details and think twice before taking any actions suggested in the email. Scammers are becoming increasingly sophisticated, so awareness is your best defense.

Spam Cybersecurity Email
Yacine Sahli
Yacine Sahli
Senior Consultant Cloud Engineering

Wrangling clouds and taming DevOps chaos—he’s basically a tech wizard, minus the pointy hat