That's the first step.

Simply let your mouse roll over the addressee and you will typically see some Gmail or other non-BestBuy-associated address.

Then id the address as spam and then delete.

Some of the Paypal ones are harder to recognize coming from somewhere other than Paypal, but if they do not use your actual name then they are fake. Forward them to spoof@paypal.com or phishing@paypal.com

Called Best Buy and they are aware of the scam. Just report it as spam

I forward the emails to abuse@bestbuy.com or whatever company is being impersonated.

Being a computer-head, I forward it with full headers and then as message source. If the security people at the impersonated company want to track down the scammers, this just makes it easy for them. I don't know what they actually do, but they might contact an ISP to shut down the sender, or call the cops.

The "abuse" address will vary. Sometimes, it's "phishing@-------"
If it's a new one, go to their website, and there will either be a "report abuse" email address, or go to "contact us" and there may be a "report abuse" address.

Otherwise, just send it to the spam bin. "mark as spam" or whatever.
That may train your email provider or email app to recognize such things as spam/phishing easier next time.

JUST NEVER REPLY OR CLICK ON LINKS IN THE EMAIL

(but of course, I don't--that would be illegal in addition to confirming your own email address).

But I do compile a running document embedded with all these scam emails and periodically do send them to the AG's office asking them to intervene. Several years ago, I received a small settlement from a class action suit for scam phone calls. I guess no one bothers to file them any more.

That's good that you report to the AG. Better than not doing so, and "ya never know"

Some large outfit in India got slapped down for being a center for scams, and that takes a large and coordinated response.

Maybe your messages get forwarded. The U.S. is definitely taking on offshore hacking groups that send phishing emails to gain access to corporate systems. Someone just posted today about a web page downloading an html file,
https://democraticunderground.com/125620687
which led to this article.
https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/

Tracking these down is tedious work for computer incident response teams, and is the work of vendor and computer/FBI teams depending on the severity.

So, keep reporting. "ya never know"

"Medicare is denying your claim. Please contact..."