“Free trial expiration” are email spam messages that are sent randomly to the users in order to inject the viruses into the PCs of lasts. These messages contain the notification that your free trial for a program has expired, and to cancel the further subscription you need to contact the support. However, the cases and content are different. Let’s check out how it works and how this scam looks like. In addition, I will show you the way to remove malware from your PC, if fraudsters already caught you on that lure.
Describing the free trial expiration scam
Email spamming became a very popular method of malware distribution throughout the last 2 years. Fake notifications about free trial expiration for a certain program is just one more example of such a fraud. To cancel the pseudo-subscription, fraudsters ask you to call the support. Last will force you to grant them with remote access to your PC and then install viruses. It makes the free trial expiration scam quite similar to the software renewal scam, which is active right now.
Name | Free trial expiration scam |
Type | Email spam |
Hazard type | Spyware, keylogger |
Malware source | Infected file you download for the demand of pseudo-support |
Disguise | Expiration of the free trial period of a certain program |
Protection methods | To remove possible virus infections, try to scan your PC |
Why free trial expiration? There is no real reason besides the attempt to catch your attention. A lot of users may not remember if they have an active free trial period, since they activated a lot of trials and forgot to check the expiration moments. Another element which allows this fraud to look like a legit notification is the fact that different companies have different free trial policies. One co automatically activates the paid subscription after the trial period, another notifies the user for several times, and then offers to choose the variant of paid subscription. Such an uncertainty allows the crooks to wear a disguise of the legit software developer and catch the inattentive users.
Checking out the message
The message you receive on your email looks like a usual notification, which can barely raise suspicion. Background also looks like something familiar. But in fact, such a company does not exist, or you have never used their free trial offer. Attentive user or one who doesn’t have a lot of applications in use will surely uncover this trick after a short look. Nonetheless, even being attentive, you can easily follow the lure, being tired or busy. No one can cancel the human factor. Here is the text of the email:
Dear Subscriber, *number of subscription or other identifier*
Your free period is almost over… How was it? But you chose to stay with us!
Your membership will be continued using a payment method you already mentioned.
In order to stay with us you will be charged $69.99 per month.
We are really excited that you are with us, let’s move to premium!
If you would like to learn more about your order, get in touch with the Customer Service Center at: *phone number* or visit our website.
Thank you for choosing *the company*
As you can see, besides the “friendly” text, fraudsters also make the victim nervous by specifying a large sum. $70 is not a very big loss, but it transforms into $840 per year. This sum is substantial, isn’t it? That’s why a lot of users try to cancel it, and follow the steps offered by the crooks.
What’s next?
As I have mentioned before, fraudsters offer you to call the number which you can find in the email. The alternative – visiting the website – will lead you to the same phone number. The website itself is a reason to raise suspicion. Its appearance is very strange, but the text can be even more dubious. Since the email text is different, “websites” are different, too. And some of the users say that the iCart website, which link was inside of the message, was just a blank thing. All text on this page was just a famous placeholder text Lorem Ipsum, repeated several times.
So, you called the number. Fraudsters on the phone will do everything to force you to download and launch the file with a virus. The exact virus, as well as the file is different. The majority of users say about spyware/keylogger trojan. Meanwhile, the file may be the exact virus executable file, as well as Word, Excel or PowerPoint document. Inside of the Microsoft Office files, malware is hidden into a macros – the native add-on for interactive content. The macroses are disabled by default, so the cyber burglars will tell you to enable their launch.
How can I avoid being involved in a free trial expiration scam?
There are several advices that will surely help you. However, they are repeated again and again in many sources, and became the truisms so far. Nonetheless, these advices are still useful and will surely help you to avoid becoming the victim of a free trial expiration scam.
- Keep in mind which programs you are using on a free trial. Receiving the email about the free trial expiration from an unexpected company will surely uncover the fraud for you.
- Do not trust the tech support of the unfamiliar company. There is no way to check if the so-called iCart, or any other program which is used as a disguise really has tech support on the offered number.
- Pay a lot of attention to what you are asked to do. If tech support says you need to download a file to cancel the subscription, they are trying to fool you. If they say that you must disable the antivirus software – that is a 100% sign of malevolency.
- Check the email address. Sometimes, the crooks mimic the legit companies which offer their services with a subscription model. Apple Music, YouTube Premium, Spotify, and different other services may be used in a free trial mode before turning into paid mode. These services send you the notifications, too, but the email address will be well-recognizable (with the use of corporate domain addresses and “Approved” signs.
What can I do if my PC becomes infected?
As it was mentioned, the free trial expiration scam is used to distribute spyware and keyloggers. These viruses are quite hard to detect, because stealthiness is their way to be effective. It is very important to detect and remove them as soon as possible, to prevent the stealing of some important information. I can recommend you to use GridinSoft Anti-Malware as a perfect tool which will remove the viruses and fix the system after the malware attack.
Don’t panic. The spyware activity is not a doom. Of course, the important data you have on your computer is definitely in danger, but the logging keys can easily be changed. First of all, you need to delete the viruses you have got through the employee retention credit virus. I can offer you to make use of GridinSoft Anti-Malware to perform this step.
Removing the viruses with GridinSoft Anti-Malware
- Download and install GridinSoft Anti-Malware. After the installation, you will be offered to perform the Standard Scan. Approve this action.
- Standard scan checks the logical disk where the system files are stored, together with the files of programs you have already installed. The scan lasts up to 6 minutes.
- When the scan is over, you can choose the action for each detected virus. For all files of the viruses distributed through the described phishing the default option is “Delete”. Press “Apply” to finish the malware removal.