How Geek Squad Changed My Perspective on Computers and Cyber Security

By Travis Flores

By October of this year, I will have completed 1 year as a Geek Squad Consultation Agent. At this point, I can confidently say I have seen it all (or most of it at least). When I accepted the job offer last October, my goal was clear: learn as much as I possibly can about technology. Thanks to Best Buy’s consistent flow of traffic, every day has been a learning experience. The concept of Geek Squad, in many client's eyes, is that we are the one-size-fits-all solution to all of their problems. And while I have become proficient at helping people reset their passwords, analyzing Windows Event Viewer, and fixing operating system errors, I feel as though I have learned much more about people. 

One of the unfortunate situations I find myself in a couple times a week is sitting across from a client who has a concerned look on their face and a closed laptop on the table. At this point, I don't even need to ask them what happened. Clients falling for basic social engineering tactics has been a constant ever since I started. The truth of it is, most of these situations are not even unique. It is always some form of clicking a link on a website or in their email, leading to invasive pop-ups with sirens and flashing letters flooding the screen, and a fake Microsoft Technical Support number that they unfortunately call. The nefarious individuals on the other end persuade the client to download some remote access software and the rest is history.

The threat to our digital security is as real as ever. The silver lining is the multitude of companies whose goal is to directly combat these threats. But even then, if you don't know what to avoid, you will almost always fall for the bad guy’s trap. I am often asked, “How do I avoid this in the future?” The perfect response is a work in progress. The concept of "phishing," whether through e-mail, a text message (smishing), or a phone call (vishing), continues to be one of the biggest attack vectors for both the everyday users and major enterprises. The individuals responsible for these evil deeds are becoming more clever and calculated by the day. What working at Geek Squad has taught me, is that there is a large portion of the population that, through no fault of their own, is blissfully unaware that the internet is the wild west. I find myself wondering how someone could fall for these seemingly amateur tactics. But then I remember, not everyone spends as much time on computers as I do. Many clients will start most conversations with “I just want you to know, I am NOT tech savvy.” I have always been puzzled by this statement. What does tech savvy mean? And why did you feel the need to tell me? I’ve recognized that the underlying sentiment is “I NEED YOUR HELP” without actually saying it. I have come to learn a plethora of things about people, but for the sake of this post, I will boil it down to three:

1. Non-technical users see the digital world through rose colored glasses. The fake technical support number that flashes on the screen of a Windows 7 laptop would never fool me, but to those individuals who leave the technical stuff to the professionals, a signal of help is something they welcome. The nefarious individuals understand that more than anyone else. 

2. Many people don't understand the importance of patching. Whether it be Windows, Mac, iOS, or the Android operating system, I will almost always see an update pending. The same goes for applications. The potential for vulnerabilities to pile up and for threat actors to exploit them only grows as time goes on.

3. The concept of malware is foreign. I had someone come up to me and ask, "What's the point of an Antivirus? Haven't we figured out viruses by now?" While I could have gone through a deep rabbit hole and shook the person by their shoulders, I had to put myself in their shoes. Malware is more of an imaginary threat than a tangible one. Kind of like the threat of a meteor hitting Earth. I suppose it COULD happen, but since it hasn't happened in our lifetime, how could we possibly fear the unknown? 

So, with that in mind, what is the takeaway? Education and awareness is key and the more we keep an open mind, devoid of judgement, the safer users will be and feel. I have learned to lean on patience. If I have to repeat the same thing multiple times, then so be it (but I certainly strive not to). For users that are having a hard time understanding the concept, find examples that would make sense to them. The value in having clients truly understand what you’re explaining helps them have more digital autonomy, and could potentially avoid a family member or friend from falling into the same trap. The consequences of being the victim of a scam are significant, both financially and emotionally. Staying safe online is just as important to being safe in real life. Technology is a fantastic tool and it is on a one-way trip with no end in sight. Stay aware. Stay skeptical. If you don’t know where to start, here are some cyber security essentials and useful tips you can put in your back pocket:

Antivirus

• Antivirus software works in two ways. The traditional way is through the use of digital signatures. If a program/file can prove who it is and where it came from, as long as it is from a reputable source, then it will not be flagged. If it can’t, the antivirus kicks in and quarantines the file. The other way an antivirus works is through the use of heuristics, or behavior analysis. If a file/program gets through the door undetected, but is starting to make changes it shouldn’t be, then the antivirus will stop it in its tracks. While antivirus software is powerful, it is certainly not guaranteed to stop everything, so make sure you know what you are downloading or clicking. I personally use MalwareBytes, but the choice is yours! Here is a helpful resource to make your decision: https://www.pcmag.com/picks/the-best-antivirus-protection 

Adblocker

• An Adblocker works to prevent invasive pop-up windows from opening, usually through the browser. Most reputable websites will not redirect you or push invasive pop-ups without letting you know first. These invasive pop-ups usually reside on shady websites using HTTP, but not always. These popups are usually the catalyst to the most common financial scams (remember the fake Microsoft Technical Support number). If you can stop these from happening in the first place, you will avoid a bunch of problems.

Phishing Awareness

• Email is one of the most common attack vectors that threat actors use. We all have an email, and we all receive way more emails than we thought were possible (22,000 and counting). Thankfully, many of the big email providers such as Outlook, Google, and Yahoo have robust filtering capabilities; meaning they automatically route the junk to your spam folder. But every now and then, through clever manipulation, an email will slip through the cracks. We have learned to trust our primary inbox, especially when we peek into our spam folder and see how much is in there. Common ways to identify a phishing email are:

  • Bad grammar or misspelled words.

  • A clear sense of urgency or threat if you do not act fast or do what is requested. 

  • Odd subject line or unknown sender addresses.

Bottom line If you don’t recognize the content, sender, or if it just looks off, chances are you are right. 

Patching

• Patching software is probably the easiest way to keep yourself safe. If you have an update, push it through and let the magic happen. Developers of all your favorite apps and programs work diligently to identify issues with their code. On top of that, they also work closely with security analysts who identify vulnerabilities in the software. The tandem ensures that you have the most up to date and robust program to use. 

Password Complexity/Manager

• Please avoid using an easy password. There is literally a list of the most used passwords in the world. Seriously, here it is: https://nordpass.com/most-common-passwords-list/. If your password is on this list, it's time to make a change. Password cracking technology is relatively simple to use with a bit of technical knowledge. The password you choose needs to be complex, but trust me it will be worth it. Plus if you don’t want to remember a million complex passwords, then you can use a password manager. It works by encrypting your “vault” of passwords so it's just a jumbled mess of letters and numbers. Anyone looking at it will have no idea what it is or where it goes. Most password managers integrate with the browser and allow you to have it choose an extremely complex password and save it for you. A recent innovation to passwords has been the passPHRASE. Instead of it being a variation of a word, it is a phrase you may actually have a better time memorizing. Example: “The house on 23rd street!” This is more than 10 characters, has numbers, a mix of upper and lower case, and a special character. Also, the spaces between each word will throw off the bad guys. 

Default Credentials

• This is another easy one. Anything that gives you default credentials to access, just understand that someone has taken note of those credentials and put them on the internet somewhere. Thankfully, there aren’t many pieces of technology that let you use it without first configuring it for yourself. But in the event that you come across something that gives you a username of “admin” and a password of “admin,” make sure to change it immediately. 

Legacy / End of Life

• When software becomes “End of Life”, it means the company that was originally supporting it through updates and security patches is no longer doing so. The reason this matters is due to the potential vulnerabilities that can be exploited as you continue to use it without support. A current example of this is the ending of support for Windows 10 on October 14th 2025. Be sure to weigh the pros and cons of continuing to use legacy software. A helpful resource I use to find the support timeline for software is: https://endoflife.date