There are many types of scams on the web, but a prevalent one is called the refund scam. Countless people have lost thousands of dollars because of this scam. In this article, I hope to increase your awareness of these and similar scams to help protect you and your loved ones from getting ripped off. Especially of concern are the elderly, who may be easily confused by these scammers.

The scam starts with a phone call. Either you are called directly by a scammer, or an email directs you to call. The scammer pretends to be from Microsoft or another well-known company and claims that you are entitled to a refund for a canceled service, e.g., internet security. What the scammer does next is something that you should never agree to do unless you already know who you are talking to and trust them.

The scammer directs you to install a remote control program such as AnyDesk or Teamviewer. Once the scammer connects to your computer, he or she goes through a series of steps to convince you that they refunded too much money into your bank account. First, the scammer tells you to check your bank account to confirm the refund. While on the page of your bank account transactions, the scammer will blank your screen and modify the page HTML to add a line item with a deposit amount, which will, of course, be more than what they said they would refund you.

Your screen will be unblancked once the changes to the page HTML are made, which makes it appear that they refunded you too much money. For example, if they say they will refund you $50, they may modify the HTML of the bank transaction page to show a refund of $5,000. Then, they pretend that they noticed the mistake and ask that you send them the overage physically to your bank to withdraw money and send cash to a specific address.

Most people will recognize this as a scam from the beginning and not even install the remote-control software. Unfortunately, however, others, especially senior citizens, fall prey to this and similar scams. The scammers know that they can make tens of thousands of dollars from only a tiny percentage of people they call fooled by the scam.

You can do several things to protect yourself from this kind of scam.


Do not install remote control software

Don’t install remote control software on your computer as a result of a random phone call. There is no need for someone to obtain a remote connection to your computer to process a refund. If you have allowed a remote connection to your computer and your screen goes blank, immediately disconnect the network cable, turn off Wi-Fi, or turn off your computer.

There will be times when you may initiate a call to technical support (e.g., Verizon or Microsoft), and they may require a remote connection to your computer. The vital difference here is that you initiated the phone call through contact information you already have, not from someone who calls you out of the blue.


Don’t talk to them

It is unlikely that Microsoft, for example, would call you about a refund for a service you may or may not have. Instead, they would send you an email about the service. Of course, you should know what services you are subscribed to, as we will discuss shortly.

Furthermore, for example, Microsoft would not ask to connect to your computer to give you a refund for a discontinued service, nor would they need you to sign in to your bank account.

Therefore, if you get a call claiming to be from Microsoft, hang up. It is most likely not Microsoft. The more you talk to the scammer, the more you are drawn into believing them. So don’t talk to them in the first place.


Know what services you have

You should be familiar with the services that you have active subscriptions. Sign in to the account in question and see for yourself if there is a refund or an issue. Don’t blindly believe a random phone call or email from a stranger claiming a subscription was canceled or you are owed a refund.

Verify the claims of a person who calls you and claims that Microsoft canceled your security subscription or the like by signing in to that service yourself. Hang up the phone if you are not aware of the service in question. You can check your credit card or payment methods to verify that a charge for the claimed service was made.



Scammers know that their scam will not fool most people. However, they also know that they will make tens of thousands of dollars from a small percentage of people who fall for the scam. Therefore, you must remain diligent and protect yourself from these scammers.

Be suspicious of anyone claiming to be from a well-known company that owes you money. Be suspicious of anyone wanting to obtain a remote connection to your computer from a phone call you did not initiate (for technical support). Do not blindly call back or click links in an email.

No reputable company will tell you to withdraw cash from your bank account and send it to them. Don’t allow yourself to be drawn in by fast-talking scammers. Don’t be afraid to hang up the phone.

A Real Example

Here is an example of a scam from an email that I received.

From:                      Order
To:                           William Cunningham
Subject:                  Confirmed
Date:                       Monday, May 31, 2021 11:36:26 AM


Norton Logo
Dear Customer,

Thank you for your order! ORDER # 036547895 Norton Symantec

Plan- 2nd year Term PC Protection plan: The amount paid $399.99 and your service will be renewed for the next 2 years.

Here is the summary of your recent purchase. If you have any questions or wanted to cancel your order, PLEASE CALL +1 (855)208-2114.

PRODUCT NAME: Norton LifeLock security

Date: 31th May 2021

STATUS: Approved

Transaction Status: Auto Debited from checking account

OUR ADDRESS: 1293 S Broadway Ave Unit 2 Denver, CO 80211 OFFICE HW.

Analyzing the Email

Is the email legitimate? Did I accidentally or did someone else purchase this service using my checking account? Here are some things to consider and do to determine if the email is legitimate.


  • Do not panic and react immediately to the email. Your first response might be to become alarmed because it appears that you paid for a service that you were not aware you had. You may reason that you subscribed to the service accidentally. Your first response may be to undo the subscription and get a refund.
  • The “From” address shown as “Order” in the email does not go back to the Instead, it goes back to a Gmail account.
  • Notice that a name is not used, but instead, “Dear Customer.”
  • Notice also the use of “Norton Symantec,” which is improper. The name of the company is NortonLifeLock (formerly Symantec) and the product brand is Norton. The “Norton” brand has been around since the 198os. I remember using a product called “Norton Utilities” back in the 1980s and 1990s.
  • Notice the use of “Plan-2nd year Term PC Protection.” That should alert you that English is not the author’s primary language. We would say “Plan: 2-year term…”
  • Notice the use of “if you have any questions or wanted to cancel…” Again, English is not the author’s first language. We would say, “if you have any questions or want to cancel…”
  • Norton LifeLock Security is not a Norton product. NortonLifeLock (formerly Symantec) is the name of the company providing consumer security software and services.
  • The transaction status states that the funds were auto-debited from a checking account. I simply needed to manually check my checking account was debited the amount indicated in the email. It wasn’t.

It didn’t take long for me to confirm that the email is a scam. I do not have a NortonLifeLock account. No funds for this transaction were taken from my checking account. The other mentioned clues led me to conclude that the email is not legitimate.

You should be sure to follow a similar process to determine if an email is legitimate.  The last thing you should do is call the number shown in the email, which is probably just the first step in a refund scam. Remain diligent to protect yourself in cyberspace.

Share This