Did You Get a Fake McAfee or Norton Invoice? How the Scam Works (and What Not to Do)

I just paid $715.15 for a five-year subscription to McAfee Total Protection for 20 devices. At least, that’s what an unidentified individual wants me to believe.

Also: Stop Paying for Third-Party Antivirus Software. Here’s Why

News about my trades comes as an email sent to my personal account, with a PDF attached. The attachment looks like this.

That “receipt” looks official, right? Especially to an inexperienced person who doesn’t have the experience to spot the signs of a scam. You’ve probably seen similar scam emails congratulating you on your purchase of a subscription to McAfee or Norton Internet Security or some other brand that consumers know.

Also: Has Your SSN Been Leaked on the Dark Web? How to Check for Suspicious Activity (and What to Do Next)

The alleged transaction amount is usually just high enough to make you nervous. And if you don’t realize it’s a scam, your first reaction is to pick up the phone and call the toll-free number on the invoice so you can explain that it was all a mistake and that you never ordered those products and ask them to please refund the charges.

How this scam works

So what happens if you call the number on that receipt? Thanks an affidavit filed as part of a case in a United States federal court In the Southern District of Mississippi, we now have a detailed description of this scam in action. (Thanks to Seamus Hughes and his excellent Court Watch Newsletter for the link.)

Also: AI Phone Scams Sounds Scary. Do These 5 Things to Protect Yourself and Your Family

The affidavit was authored by Martez Simpson, a Special Agent with the United States Secret Service, who described how the victim was scammed out of nearly $11,000. Agent Simpson even attempted to speak with the recipient of the money, an Indian citizen who was upset that his cryptocurrency account had been seized by the Federal Reserve under a court order.

The victim, a Mississippi woman identified only as V1 in the affidavit, called the number after receiving the scam email and spoke with someone claiming to be a McAfee employee. (Needless to say, he was not.) That person, referred to in Secret Service parlance as an unidentified individual (“UI”), convinced the victim to install software that would give the crook access to her computer.

Using command prompt entries, the UI convinced V1 that, instead of the $723.64 that the email indicated had been improperly withdrawn from her bank account, her bank records showed that $77,723.64 had been refunded. The UI informed V1 that since the refunded amount to the account was incorrect, V1 needed to physically withdraw the money from the bank and deposit it into a Bitcoin ATM.

(As Agent Simpson notes in the caption, it’s likely that more than one individual was involved in carrying out this scam. And if this story sounds familiar, it may be because some of the plot elements are central to the movie. Beekeeperstarring Jason Statham, now streaming on Amazon Prime.)

The victim apparently believed that this McAfee employee had access to her cell phone and email account and that the only way to regain access was to follow their instructions. She withdrew $15,000 in cash from her bank account and then, while still on the phone with the criminals overseas, went to two separate Bitcoin ATMs and converted nearly $11,000 of that cash into Bitcoin. She then emailed Bitcoin tracking codes to a Gmail address provided by the criminals, who responded with a pair of QR codes that V1 unfortunately used to transfer the funds to a Binance wallet controlled by the thieves.

There’s no indication in the affidavit of what happened next, but it’s likely that the bad guys simply hung up. After all, they had the money and didn’t need to keep up the pretense with their victims.

Also: The NSA recommends turning your phone off and back on once a week — here’s why

After the bank informed the victim that she had been defrauded, they called the Secret Service, who were able to track the funds using blockchain analysis. They convinced Binance (where the wallet was held) to freeze $29,788.29 in that account while they went to court to recover the money. That’s when the wallet’s owner, “Azmi,” contacted the Secret Service to find out why his account had been frozen.

According to Agent Simpson, “Azmi was adamant that he did not know these people, claiming that he was just a trader. I believe that Azmi used the conversation to “mine” information regarding frozen accounts and become better at this type of cryptocurrency scam.”

Good luck, Azmi.

Other variations of the common scam

Your first reaction to this story is probably, “Who would fall for this crazy scam?” The answer is: a lot of people. Usually, they’re responding to one of two common motivations, fear or greed. The Federal Trade Commission calls them “impersonation fraud,” And what they all have in common is that the person trying to take your money wants to convince you that they’re working for someone you trust: a large company like Amazon or PayPal, a government agency like the FTC, or maybe your bank or credit union.

Also: How to Find and Remove Spyware from Your Phone

There are many variations beyond the fake McAfee receipt. You may get a phone call, supposedly from Amazon or your bank, warning you of a “fraudulent transaction.” There are fake anti-virus alerts that pop up and tell you your computer is infected and you need to call immediately to have the virus removed.

You can find countless examples of people who have been scared out of their wits in response to these scams, such as This Pittsburgh woman woman lost $10,000 after receiving a fake virus alert. She called the number on the pop-up message and spoke to a man claiming to work for Microsoft. The thieves said her bank account had been compromised by a Chinese child pornography gang who would take her money unless she transferred it using a Bitcoin ATM.

Also: Wiping Your Windows Laptop? Here’s the Safest Free Way to Erase Your Personal Data

And even the most sophisticated people can get sucked into a money-switching scheme that looks ridiculous in retrospect. Take Charlotte Cowles, who is not a senior citizen and writes a financial advice column for New York magazine. She handed over $50,000 in cash to a gang of thieves claiming to work for Amazon, the Federal Trade Commission, and the CIA. They convinced her that her identity had been stolen and that they could help her avoid money laundering charges. Her bank tried, unsuccessfully, to indicate that she might be a victim of fraud.

This is a myth.

What should you do?

The people who run these online scams do it day in and day out. They are skilled at social engineering techniques designed to make their potential victims feel anxious and fearful. The best way to fight back is to avoid getting involved altogether. If you are helping a friend or relative who is not well-informed, here are some tips to give them.

1. Trust your instincts

One of the common threads in every story I read about online scams is the victim’s sad comment: “I should have trusted my instincts.”

If something doesn’t feel right, it probably is. The smartest thing to do when you receive a suspicious unsolicited email is to simply delete it. If you get a pop-up warning that your computer is infected, press Ctrl+W (Command+W on a Mac), which is a general shortcut to close a tab. Press Ctrl+Shift+W (Command+Shift+W on a Mac) to close all tabs.

2. Keep calm

Every online scammer has a script filled with terrifying scenarios to convince you that you are in danger and that you must act immediately to avoid losing money or being caught. The world doesn’t work that way. There will be plenty of time to call your bank or credit card company later. Don’t panic.

3. Do not dial in that email or pop-up

The whole point of a phishing attack is to trick you into talking to someone you’re not. If someone sends you a message trying to convince you they’re from Amazon, Apple, Microsoft, or McAfee, they’re probably lying. If they claim to be from your credit card company, call the number on the back of your card or printed bank statement and ask to speak to someone in the fraud department.

4. Keep your personal information private

No contact from a legitimate company will ever ask you for your password, PIN, or credit card details. If they start asking for that information, ask them a few questions, such as what your account number is and what the last four digits of the card they have on file are.

And if they can’t answer, that says something, right?

5. When in doubt, hang up and call someone you trust

Once a scammer has called you, no matter who it is, know that they are very good at creating panic and paranoia. The best antidote? Talk to a trusted friend or family member. Or call your bank or credit card company! Unfortunately, they have a lot of experience with this scam.

6. Well, if someone tells you to go to a Bitcoin ATM, it’s a scam.

Legitimate organizations do not ask you to send them Bitcoin deposits or gift cards.

If you don’t believe me, Just ask the FTC.

This article was originally published on July 15, 2024. It was last updated on August 17, 2024.