Hackers masquerade as Best Buy to steal credit-card details



An email purporting to be from the electronics chain is directing would-be victims to a fake Best Buy Web site
Best Buy moved on Thursday to limit damage from an email scam that sent potential victims to a look-alike Web site in an attempt to persuade them to give up their credit-card information.

The Minneapolis-based electronics and consumer-goods chain consulted with both the Federal Trade Commission's identity-theft group and federal and state law enforcement to try and track down those responsible for an email message that apparently started circulating on Wednesday.

"The clear message we are trying to send is it is not from Best Buy," company spokeswoman Lisa Hawks said.

The email tells a recipient that an order made on BestBuy.com used the person's credit-card information, and it asks the recipient to follow a link to the company's page for its fraud department. The link actually goes to a different Web site, which masquerades as Best Buy's site and requests personal information.

Instances of the scam email, sent to CNET News.com by readers, show that different Web sites are being used to host the ploy. Two different links were found, indicating that a single perpetrator is trying to stay ahead of the Internet service providers or that a copycat has started using the message. Both sites had been taken down by their hosting providers as of Thursday morning.

The BestBuy.com disguise is new, but the scam is old. Email messages that refer recipients to Web sites that masquerade as legitimate e-commerce sites have targeted customers of PayPal, eBay, Wells Fargo Bank and others.

Employees of law firm Gray Cary have wised up to such scams, said Don Jaycox, chief technology officer for the firm. Despite dozens of employees receiving the bogus Best Buy email, none reported falling for it.

"We have trained all our people to be distrustful of things they get in email," Jaycox said. "Our advantage is that they listen to the warnings."

Best Buy's Hawks said that the company hadn't yet heard of anyone falling for the scam, but warned that Best Buy has its work cut out for it in notifying potential victims.

"It's not just Best Buy customers, necessarily, it is Joe Consumer," Hawks said. "That's why we are being proactive about getting the word out."