Fake Subscription Renewal Scams: Geek Squad, Norton, and McAfee Emails
An email or text lands in your inbox with an official-looking invoice. Your Geek Squad, Norton, or McAfee subscription just renewed for a few hundred dollars, it says, and if you did not authorize it, call this number right away to cancel or dispute the charge. Your stomach drops. You do not remember signing up for this.
That panic is the entire goal. There was no charge, and the invoice is bait. The scam is built to make you call the number, where a friendly “agent” can reach your computer, your bank account, or both. This guide explains how it works, shows a real example, and tells you exactly what to do instead.
What it is
This is a phishing scam built around a fake invoice. The message claims you were charged for a subscription renewal you do not remember, and it pressures you to call a “support” or “billing” number that connects you to the scammer, not the real company. Best Buy’s Geek Squad, Norton, and McAfee are favorite disguises because so many people use them.
The clever part is what the message leaves out: there is usually no link to click. Just a phone number and a short deadline. That design slips past spam filters and gets you to start the call yourself, which feels safer than clicking a suspicious link.
How it works
- You get an official-looking invoice by email or text for an auto-renewed subscription, often $299 to $499.
- There is no link, only a phone number and a short window to dispute the charge.
- When you call, the “agent” offers a refund and asks to connect to your computer to “process” it.
- They then claim they refunded too much by mistake and pressure you to repay the difference, usually in gift cards, while they may quietly install spyware or open your bank accounts.
The fake-refund twist is the heart of the scam. Once they are on your screen, they show you a “refund” of far more than the invoice, act panicked, and beg you to send back the extra so they “do not lose their job.” The overpayment never happened, but the gift cards you buy to “repay” it are very real.
A real example
Bill, 69, receives a tidy email: his Geek Squad protection plan has renewed for $399.99, and he should call within 24 hours to cancel. Worried about the charge, he calls. The agent is friendly and reassuring, and offers a full refund. He asks Bill to install a screen-sharing app “so we can send the money back to your account.”
On screen, the agent pretends to refund $3,999 instead of $399, then sounds frantic, claiming he typed an extra zero and will be fired unless Bill returns the $3,600 difference in gift cards. Bill, wanting to help and flustered by the pressure, buys the cards and reads off the numbers. There was never a charge, never a refund, and never an overpayment. Only the gift cards were real.
By the numbers
- Best Buy’s Geek Squad was the most-impersonated company in scam reports to the FTC in 2023, with around 52,000 reports (FTC).
- Fake Norton and McAfee renewal notices are among the most common scam emails, and the FTC has received hundreds of thousands of related reports (FTC).
- Fake renewal invoices typically claim charges of about $299 to $499, large enough to alarm you into calling (FTC).
Red flags to watch for
- An invoice for a subscription you do not remember buying.
- No clickable link, just a phone number and a deadline.
- An offer to refund you that requires remote access to your computer.
- A claim that you were “refunded too much” and must repay the difference in gift cards.
- Poorly matched sender addresses or small errors in the company name.
How to protect yourself
- Do not call the number in the message. That single step defeats the scam.
- Check your accounts directly. Look at your real bank or card statement and log in to the company’s official site or app to see if any charge exists.
- Never let a “refund” agent connect to your computer. No real refund requires remote access.
- Know that a genuine refund never involves you repaying part of it in gift cards.
- Reduce the flood of these messages. Scammers blast fake invoices to email addresses and phone numbers harvested from data breaches and data-broker sites. Removing your information from broker sites, which a privacy or data-removal service can do for you, helps cut down on the volume.
- Report and delete. Forward the email as phishing to your provider and to the company being impersonated, then delete it.
If you’ve already responded
Disconnect your computer from the internet and have a trusted person or a reputable repair shop check it for any software the scammer installed. Call your bank or card company, change your passwords from a different, safe device, and keep any gift-card receipts. Report the scam to the FTC at ReportFraud.ftc.gov.
In the news
- FTC: How to recognize a fake Geek Squad renewal scam
- 3 Geek Squad scams and how to recognize them (LifeLock/Norton)
Sources
Frequently asked questions
Did Geek Squad or Norton really charge me?
Almost certainly not. Check your real statement and the company's official site. The invoice is bait to make you call.
Why is there no link, only a phone number?
That is on purpose. It slips past spam filters and gets you to start the call yourself, which feels safer.
The agent wants to refund me. Is that safe?
No. A "refund" that requires remote access to your computer or repayment in gift cards is the scam.
What if I already let them onto my computer?
Disconnect it, have it checked by someone you trust, change your passwords from another device, and call your bank.
See if KinKeeper is right for your family
Daily check-ins by call or text. Free to start, no credit card.
Get Started