Some customers wondered if the security alert emails they got from Best Buy were real.
Some Best Buy customers weren’t sure if the account security emails the company sent out on Friday were real.
The emails were signed by Lisa Smith, who is the vice president of enterprise customer care at Best Buy. They told the recipients that their bestbuy.com passwords had been turned off because hackers might have gotten into their accounts.
“We are looking into why hackers from all over the world are trying more to get into accounts on BestBuy.com and other e-commerce sites,” Smith said in the emails. “These hackers didn’t get their usernames and passwords from any Best Buy system. Instead, it looks like they got them from somewhere else and are trying to use them to get into BestBuy.com accounts.”
Customers who were affected were told to click on a link to reset their passwords and then check that the personal information in their accounts was correct.
Some Best Buy customers didn’t believe the company’s email alerts because cybercriminals sometimes use similar instructions to trick people into going to phishing websites.
A user on the Best Buy community forums said, “The links don’t start with http://www.bestbuy.com, and they aren’t SSL encrypted, so I’m not sure if it’s real or not.” “Is this real, or did the hackers make it up?” asked another customer on Facebook.
Through the company’s official Facebook account, a worker at Best Buy named Marti confirmed that the email messages are real.
Marti said, “This isn’t the result of a breach in Best Buy’s systems, but we’re always working to help our customers, and we’re asking them to take the time right now to protect their online information by doing things like changing their BestBuy.com passwords and not using the same passwords for different accounts, etc.”
Security experts have been telling people not to use the same password for multiple websites or online services for a long time, because it makes it much more likely that their log-in credentials will be stolen.
There are free programmes that can help people set up and keep track of different passwords for each of their online accounts. Most of them work well with browsers and have the ability to auto-complete text.
