The email spam campaign “Payment For McAfee Subscription” refers to fake emails that deceive recipients into thinking they need to make purchases or renewals for McAfee anti-virus.
It is crucial to note that these emails are not associated with the legitimate McAfee Corp. Instead, their intention is to trick recipients into calling the provided telephone numbers, leading them into a callback scam.
Overview of the “Payment For McAfee Subscription” email scam
We have examined five emails from the “Payment For McAfee Subscription” campaign, but there are likely many more variations. These emails vary in design, ranging from plain text to formatted messages featuring McAfee’s logo and related graphics.
The content of these emails may differ, but they all share a common theme: the recipient is billed for a product or service from McAfee, and if they have any questions or wish to cancel, they are instructed to call the provided number. As mentioned earlier, these emails are fraudulent and have no affiliation with the real McAfee company.
This type of spam operates as a callback scam, which aims to generate revenue for the scammers. However, their methods can vary significantly. The criminals may attempt to obtain sensitive information, trick victims into making fraudulent transactions, or infect their devices with malware. During the phone call, the scammers pose as support or technicians and follow different scenarios.
When targeting data, cybercriminals may ask victims to disclose or enter their information on a phishing website or file, or they may extract it using malware. The information they seek includes personally identifiable details (such as names, ages, addresses, occupations), log-in credentials (for online banking, e-commerce, email, social networking, and other accounts), and finance-related information (such as bank account numbers, credit card details).
These schemes often involve requesting that users grant the “support” or “technician” remote access to their devices, utilizing software like AnyDesk, TeamViewer, or UltraViewer. This is a common tactic used in refund and tech support scams.
McAfee Subscription Renewal Scam
In refund scams, victims are asked to log into their online bank accounts, and the scammers darken the screen on the user’s end while they are supposed to enter the refund amount. The scammers claim that an error occurred during the transaction, resulting in a larger amount being transferred. However, these techniques do not actually affect the funds in the account; they merely create the illusion of a larger transfer. The criminal then demands the excess amount to be returned.
In tech support scams, scammers pretend to run diagnostics, discover viruses or “connected hackers,” and perform fake malware removal processes. The fees for these bogus services are typically exorbitant.
Furthermore, while connected to the victim’s computer, the criminals can remove legitimate security tools, install fake anti-viruses, steal data, or infect the system with malware such as trojans or ransomware.
Computers can also become infected without remote access if criminals trick users into visiting websites that proliferate malware. These websites can stealthily infiltrate software or entice visitors into downloading and installing malware themselves.
Scammers often request money to be transferred using difficult-to-trace methods, such as cryptocurrencies, gift cards, prepaid vouchers, or concealing cash in packages that are shipped.
Regardless of the specific tactics employed, victims of callback scams may suffer multiple system infections, data loss, severe privacy breaches, significant financial losses, and identity theft.
If you have allowed cybercriminals to remotely access your device, it is crucial to disconnect it from the internet. Afterwards, uninstall the remote access software used by the criminals, as they may not require your consent to reconnect. Finally, perform a full system scan with a reputable anti-virus program to detect and remove any identified threats.
If you believe that your login credentials have been compromised, we recommend changing the passwords for all potentially affected accounts and contacting their official support. If you suspect that other sensitive data, such as ID card details or credit card numbers, has been compromised, it is essential to contact the appropriate authorities immediately.
| Name | Payment For McAfee Subscription Spam |
| Threat Type | Phishing, Scam, Social Engineering1, Fraud |
| Fake Claim | Recipient is being billed for a McAfee product/subscription |
| Scammer Phone Number | +1 877 371 2385, +1 818 293 8028, +1 (888) 306-1173, (888) 404-4624, 320-566-9101, +1(830-267-4097), 808-468-8860, 855-522-4401, 833-469-4751, +1-740-247-0459, 888-278-1649, +1 (805)-(960)-(5349), 843-888-7720, (888) 988-6921, 808-320-6786, 855-708-1312, 844-407-4215, +1 (808) 229-4068, +1 866 201 9479 |
| Disguise | McAfee |
| Symptoms | Unauthorized online purchases, changed online account passwords, identity theft, illegal access of the computer. |
| Distribution methods | Deceptive emails, rogue online pop-up ads, search engine poisoning techniques, misspelled domains |
| Damage | Loss of sensitive private information, monetary loss, identity theft, computer infections |
| Malware Removal (Windows) | To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Gridinsoft. |
General overview of spam campaigns
Our analysis has revealed thousands of spam emails and in addition to phishing and various scams, these emails are often used to distribute malware. Spam emails commonly masquerade as “important,” “urgent,” or “priority” messages and may even impersonate legitimate companies, service providers, organizations, institutions, and other entities.
Considering the prevalence of these deceptive and dangerous emails, it is crucial to exercise caution when dealing with incoming emails, PMs/DMs, SMSes, and other messages.
Methods used by spam campaigns to infect computers
Spam emails may contain attachments or links that lead to infectious files. These files can be Microsoft Office and PDF documents, archives (RAR, ZIP), executables (EXE, RUN), JavaScript files, and more.
When an infected file is executed or opened, it triggers the download and installation of malware. For example, Microsoft Office documents often infect systems by executing malicious macro commands.
Preventing malware installation
We strongly advise against opening attachments or clicking links in suspicious emails and messages, as they may contain malware that can infect your computer.
However, it’s important to note that malware can be distributed through means other than spam emails. Therefore, exercising caution while browsing the internet is crucial since fraudulent and dangerous content often appears legitimate and harmless. Additionally, download software from official and verified channels, and use legitimate functions or tools to activate or update programs.
Having a reliable and up-to-date antivirus software is essential for maintaining security. Regularly scan your system with the antivirus software and promptly remove any detected threats or issues. If you have already opened malicious attachments, we recommend running a scan with Gridinsoft Anti-Malware to automatically eliminate any infiltrated malware.
Below is a text variant of the “Payment For McAfee Subscription” email:
Antivirus Corporation We are pleased to inform you have sent $599.99 USD for buying McAfee AntiVirus Plus Security. This charge will be debited on your bank statement within 24 hours. Description Validity Unit Price Total McAfee AntiVirus Plus Password Manager, & 2GB Cloud Backup|3 Years|$ 599.99|$ 599.99| ||Sub Total|$599.99| ||Sales Tax|$0.00| ||Billed Amount|$599.99| In Words – Five Hundred Ninety-Nine Dollars and Ninety-Nine Cents Only. If you have any questions related to your recent purchase then call us now to cancel this order on our given Toll free number +1 (805)-(960)-(5349) our customer support executive will assist you.
Another variant
Subject: Thank you for trusting us! McAfee LLC. Invoice: #XXXXXXX Date of purchase: 10th of April, 2023 Dear Customer, This is a receipt for late buy. Your visa card Linked with your McAfee Account has been Auto Debited for $299.99 USD and your yearly membership has auto restored effectively. The payment has been cleared and will appear in the account statement within next 24-Hrs. Item Description: Item Info: Total Securities Installment Method : Auto Charged Price : $299.99 USD Purchase Receipt no : JHR8653472 In the event that you have any inquiry in regards to this Invoice or about the cancellation demand you can essentially arrive at our client to assist with the coating number. Our client assistance administration is accessible 24x7. Call on us: +1 877 371 2385 Thanks & Regards, Order Desk.
Another one variant:
Mcafee Ref Id # GL423746GB836247 We thank you for subscribing our annual security program. We would suggest you to kindly activate the license key in order to use our services. If you need any assistance please visit the "Help Section Page" or connect with our team at +1 (888) 306-1173. Your bank account is debited with 415.97 USD (Charged Annually). Order Summary: - Next Renewal Date: July 22, 2022 Description: Mcafee All-round Family Protection Amount: 415.97 USD We will continue debited the same amount every year from your bank account until we get verbal consent to cancel the services. If you face any technical issues while installing the software or you have any billing relate issues, please connect with our team at +1 (888) 306-1173. Thanks, Billing Team
One more scam variant:
Subject: Thank you for trusting us! McAfee User ID : NVTC567356 This email confirms the renewal of your service amounting to 247.57USD for the upcoming 3 years. The payable amount is automatically deducted from your account registered with us. It will take up to 24 hours to reflect in your banking statement. To cancel the subscription and the charges, you can contact us at the number below 1 - ( 7 4 0 ) - ( 2 4 7 ) - ( 0 4 5 9 ) Kind regards McAfee
One new variant:
We have received your request for renewal of the McAfee subscription, thank you. Your subscription will be renewed on December. 3. 2021. $348.07 will automatically be deducted from your bank account and will be reflected in your statement by today. PRODUCT INFORMATION:- Invoice Number : 63A-784/KO023 Product Name : McAfee Protection Quantity :1 Charge Amount : 348.07 / USD Pay Mode : Direct : Debit if you have any questions or need to cancel this order, please contact our customer support + 1 [818 293 8028] McAfee Auto Renewal automatically enrolls paid subscription services so that protection is not interrupted. Without the feature, you would never be protected. or check out our McAfee support website. Customer service is available 24 hours a day, 7 days a week. One McAfee Total Protection subscription allows you to protect one, five, or ten devices without skipping a beat, and most importantly without slowing down your family. Thanks & Regards, McAfee.
Most fresh variant McAfee scam:
PayPal McAfee Together is power DATE : 02-08-2023 Your Subscription With McAfee will Renew Today and $419.00 is about to be Debited from your account by Today. The Debited Amount will be reflected within the next 24. In case of any further clarifications or block the auto-renewal service please reach out Customer Help Center +1 (808) 229-4068 Customer ID 8764549845344 Invoice Number 78F4UFS8764 Quantity (One Year Subscription) Subtotal $419.00 Sales Tax $0.00 Total $419.00 If you didn't authorize this Charge, you have 24 Hrs. To cancel & get an instant refund of your annual subscription, please contact our customer care: +1 (808) 229-4068 You're receiving this mail as you've registered on the PayPal App & subscribed to our communication updates. Digitally Yours , PayPal McAfee Customer support : +1 (808) 229-4068
McAfee Trans no:#AV-436654654 Information regarding, your McAf-e-e-Premium Plan Has been Auto-Recharged with 299.99 USD. It was based on the TOS of the software and DIgital-Sign done by you at the time of initial implementation. For full information on license and usages, refer to your account. Question? +1 844 263 7048(Talk to Desk) Information Trx ID: YTUF-54645544 Ord ID : DGDF-346343 Description: McAf-e-e-Premium Plan for 02-years. Amt: 299.99 (USD) Date: Feb 27, 2023 AV-Home Plan Plan updated with account-associated with us. Your License Number: EYTS-34634-FGYDS-46342-WRTW In case you have any further query, please talk to Desk. Reach Us +1 866 201 9479(Talk to Desk) Please wait for minimum 2 business days (excluding weekends, holidays) for the details to be visible in your account. Please do not reply to this email. This mailbox is not monitored, and you will not receive a response
The newest variant of scam:
Invoice:- GHG6563 Date of Invoice: Feb 28, 2023 Customer Support: +1(4 0 1) 4 0 6-5 6 3 4 McAfee Together is power. Thank you for trusting on us. We are so grateful and hope we met your expectations. You have selected your 3 years device support. Description Service Details: McAfee Total Protection Date of support: Feb 28, 2023 Tenure: 3 Years full service Amount: $299.86 Device: Laptop/Mobile/Tablet/Crome Book Your Account will be Debited by $299.86 USD within 24Hrs. If you wish to cancel the transaction or you want to claim refund then please feel free to contact us our customer support number as soon as possible. Customer Support: +1(4 0 1) 4 0 6-5 6 3 4 Regards Billing Team
Removing the viruses with GridinSoft Anti-Malware
- Download and install GridinSoft Anti-Malware. After the installation, you will be offered to perform the Standard Scan. Approve this action.
- Standard scan checks the logical disk where the system files are stored, together with the files of programs you have already installed. The scan lasts up to 6 minutes.
- When the scan is over, you can choose the action for each detected virus. For all files of the viruses distributed through the described phishing the default option is “Delete”. Press “Apply” to finish the malware removal.
Now, when the virus is removed, you need to remember which logging keys you inputted after clicking the spam message. Malware is not omnipotent, and is not able to steal the logins and passwords which were not in use. So, keep calm and change the login details that are about to be compromised.
Frequently Asked Questions (FAQ)
The Payment For McAfee Subscription Email Scam is a fraudulent email campaign that tricks recipients into believing they need to make payments or renewals for their McAfee antivirus subscriptions.
The scammers send out fake emails that resemble legitimate communications from McAfee or associated entities. These emails contain invoices or notifications claiming that the recipient’s McAfee subscription needs attention or payment. When victims respond by calling the provided phone numbers, they are likely to encounter scammers who attempt to extract personal and financial information or gain unauthorized access to their devices.
Some common red flags include unsolicited emails demanding immediate payment, poor grammar or spelling errors, requests for personal information, and unusual or suspicious email addresses. Additionally, emails that create a sense of urgency or use threatening language should be treated with caution.
To protect yourself, be skeptical of unsolicited emails and verify their authenticity through independent means, such as contacting the company directly using official contact information. Avoid clicking on suspicious links or downloading attachments from untrusted sources. Maintain up-to-date antivirus software and regularly monitor your financial accounts for any unauthorized activity.
If you have provided personal or financial information or made payments as a result of the scam, take immediate action. Contact your financial institution to report the incident, monitor your accounts for any unauthorized transactions, and consider placing fraud alerts or freezes on your accounts. Additionally, update your passwords and run a thorough scan of your device using reliable antivirus software to check for any malware or compromised security.
User Review
( votes)References
- What is Social Engineering: Read Here
