Fake Antivirus Scams via Email
Criminals send alarming emails claiming your device is infected, pushing fake security software that charges fees or installs real malware.
Last reviewed: 1 June 2026
Fake antivirus emails exploit anxiety about digital security. The message warns that a severe virus or data breach has been detected on your device and instructs you to click a link immediately to run a 'free scan' or renew your 'expired protection'. The link leads to a site that sells worthless software, installs actual malware, or both.
These emails often impersonate well-known security software brands, adding an air of credibility. Recipients who are less familiar with how real antivirus products communicate — silently, through their own interface, not via unsolicited emails — are most at risk.
How this scam works over email
The email contains alarmist language ('Critical virus detected — your files are at risk') and a prominent button to 'Scan Now' or 'Renew Licence'. Some variants include a fake invoice for an antivirus renewal, relying on the recipient to call a support number to 'cancel', whereupon a fake agent pressures them into granting remote access or paying for a non-existent upgrade.
Some emails skip the website entirely, providing a phone number for 'virus removal support' — a vishing operation that leads to remote-access fraud and financial loss.
Common red flags
- Unsolicited email warning of virus infection — legitimate security software does not contact you this way
- Urgent countdown timer or warning that action is needed within hours
- Invoice or charge notification for software you do not remember purchasing
- Link domain does not match the named security company's real website
- Phone number provided for 'technical support' in the email body
- Attached file labelled as a 'removal tool' or 'scanner'
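For anyone triaging a reported-phishing mailbox, the six red flags above can be checked mechanically against a raw message. This is an added example, not part of the original page; the brand "ExampleAV", its domain `exampleav.example`, the regular expressions and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption: brand keyword -> genuine domain (placeholder on a reserved TLD).
BRAND_DOMAINS = {"exampleav": "exampleav.example"}
CHECKS = {  # one illustrative text pattern per wording-based red flag
    "infection_warning": r"virus (detected|found)|infected",
    "urgency": r"within \d+ hours?|immediately|countdown",
    "unexpected_invoice": r"invoice|renew|charge",
    "phone_number": r"\+?\d[\d ().-]{8,}\d",
}
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
TOOL = re.compile(r"(removal|scanner).*\.(exe|zip|msi|scr|js)$", re.I)

def red_flags(raw):
    """Return the set of red-flag names found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = "".join(p.get_payload(decode=True).decode(errors="replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    text = f"{msg.get('From', '')}\n{msg.get('Subject', '')}\n{body}"
    flags = {name for name, rx in CHECKS.items() if re.search(rx, text, re.I)}
    # A brand is named, but a link points outside that brand's own domain.
    named = [d for b, d in BRAND_DOMAINS.items() if b in text.lower()]
    hosts = {urlparse(u).hostname or "" for u in URL.findall(body)}
    if any(h != d and not h.endswith("." + d) for h in hosts for d in named):
        flags.add("link_domain_mismatch")
    if any(TOOL.search(p.get_filename() or "") for p in msg.walk()):
        flags.add("tool_attachment")
    return flags

# Constructed sample message (not real mail).
SCAM = """From: ExampleAV Security <alerts@exampleav-renewal.test>
Subject: Critical virus detected
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your ExampleAV licence expired. Act within 2 hours: http://exampleav-renewal.test/scan
Invoice 4471 attached. To cancel, call +1 (555) 010-0199.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="virus_removal_tool.exe"

--b1--
"""

if __name__ == "__main__":
    print(sorted(red_flags(SCAM)))
```

The domain comparison is an exact or subdomain match, so a lookalike host that merely contains the brand's domain as a prefix is still flagged.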
How to protect yourself
- Ignore and delete any unsolicited 'virus detected' email — your real antivirus communicates through its own interface
- Never call a phone number listed in an unsolicited security email
- Do not click download links or attachments in security-alert emails
- Keep genuine security software active and updated from the vendor's official website
- If uncertain, run a scan using your existing, trusted security software
How to report it
- Report to the security company being impersonated via their official abuse or brand-protection team
- Forward to your email provider's phishing report channel
- Report to national authorities: NCSC, FTC, or equivalent
Frequently asked questions
I clicked the link in a fake antivirus email — what should I do?
Close the page immediately and do not enter any details. Run a scan with your genuine, already-installed security software. If you downloaded anything, do not open it; a security professional or the official support team for your real antivirus can advise further.