The email, which Best Buy denies sending, informed the victims that their credit cards have been used without their permission to make a purchase from Best Buy. The letter directed the recipients to go to a special Web site and correct the problem by entering their Social Security and credit card numbers.
In addition to assuring consumers that they did not send the email, Best Buy is working with law enforcement and the FTC to resolve the situation. Best Buy also reports that none of their computer systems had been compromised, and that their online business remains secure.
The FTC warns that consumers who did reply to the Best Buy warning email by providing any credit card or bank account information should contact their credit card company and/or bank immediately and cancel those accounts. Consumers who provided their social security number should contact one of the three national consumer reporting agencies, ask to place a fraud alert on their account and obtain a copy of their consumer report.
The three national consumer credit reporting agencies are:
Equifax at 1-800-525-6285
Experian at 1-888-EXPERIAN (397-3742)
Trans Union at 1-800-680-7289
If you have questions about the Best Buy incident, call Best Buy Customer Care at 1-888-BEST-BUY.
How can you tell if a "Fraud Alert" from a company is itself a fraud? FTC investigators say one way is to check with the company before you respond to any Web site that asks you to enter personal identifying information. Another is to check for misspellings and grammatical errors. Silly mistakes and sloppy copy - for example, an area code that doesn't match an address - often are giveaways that the site is a scam, warns the FTC.
