Why internet scams are so poorly written

I just received two emails supposedly from the Geek Squad, the name of the technical assistance group of the Best Buy store. The first one was from a Brooke Lola who told me that my account had been auto-renewed and that my card had been charged the annual subscription fee of $349.99. If I didn’t authorize this, then they gave me a phone number to call but I had to do so within 24 hours. Then a few minutes later I got the identical message, except that it was from someone named Vernon Jarbine.

I have never dealt with the Geek Squad so of course I immediately suspected a scam and I checked my bank and credit card accounts to make sure that no such charge had been made. According to this article, this is one of seven variants of Geek Squad scams that are currently making the rounds.

The Geek Squad scam is just one example of the widespread tech support scam trend that cost Americans nearly $350 million in 2021 alone, according to the FBI [*].

Scammers prey on victims seeking technical help, or they use the names of recognizable companies (like Best Buy, Amazon, or Apple) to fool you into giving them money, personal information, or remote access to your computer. 

If you need help with your computer or other electronic devices, the last thing you want is to end up getting scammed. So how can you tell if you’re dealing with the real Geek Squad and not a scammer? 

In this guide, we’ll show you how to recognize and avoid the most common Geek Squad scams.

As that article says, there are some obvious signs that this is a scam, such as typos and grammatical errors and the absence of the official logo of the group. One might wonder why the people behind these scams do not take the simple and obvious steps to eliminate such errors. In fact, I was with a friend when he got a scam call and he said that if he were behind such scams, he would make it much harder to detect.

But those errors are a feature not a bug, based on the economics of these scams. There is almost no cost in the first phase which is to send out blanket emails. The cost lies in the next phase when the sucker calls the number to correct the ‘error’. The person on the phone will string the sucker along in order to get them to reveal financial information in order to rectify the ‘error’. This takes time and effort to successfully pull off.

The scam artists do not want to waste time on people who will figure out it is a scam somewhere along the line and hang up. If the initial approach is too slickly done, it will draw in people who will catch on at some point and those people are a waste of time. They want to weed out such people right at the beginning. They figure that people who do not notice the tell-tale signs and call them are more likely to fall for the scam.

And sadly, that is the case. Older people who are not very technically literate are especially the ones who are likely to use the services of these technical groups and thus more likely to be duped.


  1. Oggie: Mathom says

    i’ve gotten a few of those in the past month. Just got one about a free ride-on mower from Home Depot. First thing I do is glance at the email address. This one was from GeordiSaradaksyan@Toliberstall.arn. Once again, I went to FCC.gov and reported the incident, with the email address.

    I do wonder, though, if the FCC is wondering if I am the scammer, since I report scam attempts twice a week. Then I put them in spam folder with a permanent block on that address.

    I’ve had my home email since 1994, so I suspect that it is on every scam list on earth as a valid email. Sigh. Maybe I should change it.

  2. says

    I don’t get scam emails, I get scam robocalls saying there’s been an order and a charge of several hundred dollars to my “account,” and to press “1” to dispute and cancel the charge. So I always pressed “1” and started asking questions like “what account are you talking about, exactly?” and “Who are you calling for? There’s more than one person living here.” The scammer guy (always with an Indian accent) normally just hangs up right away. So now I get fewer of those calls per week than I used to get.

  3. Oggie: Mathom says

    Raging Bee:

    Even though the extended car warranty people aren’t supposed to cold call anymore, I am getting more than one a day. I am on the no-call list. Once I stayed on the line and someone with a very Slavic accent came on. My first question? Where are you located. His reply? I am in Scra, er, en, ton, er, Scran-ton. It was pouring outside (this was on Labour Day Monday and we were in the midst of a 3-5 inch areal rainfall), so I asked how the weather was? He said bright and sunny. I called him a liar and told him to remove my number from the list. He hung up. I got no calls yesterday or today. Maybe it worked?

  4. John Morales says

    Sad significance to the OP, since it suggests that even filtering out all but the semi-literate from the gullible portion of the population, the remaining set of candidates is sufficient for profit.

    Maybe. Though I see egregious errors of orthography and of grammar rather often, even in professional media.

    (Mano, you’re rather impeccable)

  5. says

    Oh yeah, I used to get dozens of “final attempts to reach me” about my car’s “extended warranteee.” I hung up every time, which may be why I’m off their list.

    There’s also “your Amazon account has been breached.” That’s dropped off for me recently too.

  6. John Morales says

    Thing is, a lot of those will be people who are suffering incipient cognitive impairment but are yet to be diagnosed — an unfortunate actuarial window of opportunity. No real protection for them.

    Related: I can’t see why it’s beyond current ability to write an app that scans incoming messages and uses AI to flag probable scams.

  7. prl says

    Raging Bee @2:

    So now I get fewer of those calls per week than I used to get.

    That may simply be coincidence. I generally find that scam calls of a particular flavour tend to come in blocks. I’ll get calls every few days, then none for some time. I’ve always assumed that their autodialler works through a block of numbers a few times, then moves onto the next one.

    The fact that I engage with scammers, wasting their time for 10-20 minutes before I tell them that I’ve been stringing them along seems to make no difference to whether I get a call back from them again or not.

    The “press 1 to resolve the issue” is also a pre-filter of the type that Mano is talking about. People who recognise it as a scam will simply not press 1. By adding that step, they probably get a larger proportion of people willing to believe the scam, and can possibly just do away with their first level of scam farm workers.

    I just hang up on “press 1 to talk to us”, because I’m wary of any actions from my end that may have unforeseen consequences. Very occasionally, when I’ve held on to the call after the “press 1”, it’s switched me through anyway.

  8. says

    What’s weird is that sometimes it’s easy to keep a scammer on the phone no matter how obvious it is that you aren’t going to suckered in. I once kept repeating “You’re a fucking piece of shit” to one and instead of hanging up he kept replying that he’s not. Then there’s the one who, when I asked him where in India he was asked how I didn’t know if he was in Pakistan. We got to the point where he admitted what he thought of Pakistan, so yeah, he was in India.

  9. Reginald Selkirk says

    I never answer my phone for numbers I do not recognize. Most of the unwanted calls I get leave a message on the voice mail, in Chinese.
    As for emails, my email service seems to do a fair job of identifying the nefarious ones and putting them in the junk folder.

  10. lanir says

    John @6: Setting up a filter would be trivial. And then, most likely within a week, it would be trivial to circumvent. Then you might be annoyed and put significantly more effort into training the filter. And it might take a little bit longer but if it were not a one off only you used, it would be useless in the end. If you’re using rules, you’re inherently predictable to some extent. And if you make it worth their time by having it be a widespread solution so you can afford to make it really good, then you’re probably also approaching the point where it’s worth it for them to use the same tech to circumvent your setup.

  11. Reginald Selkirk says

    lanir @11: John @6 specifically mentioned using A.I. That means you don’t make specific rules, you let the A.I. do it. You start with a training set, and tell it which messages are scams, and let it figure it out. As some make it through the filter, you mark them, and the A.I. updates its training. You should probably look through the spam folder once in a while in case it dings legitimate emails.

Leave a Reply

Your email address will not be published. Required fields are marked *