Fake Antivirus Scams Collecting Payment via Zelle
Scammers posing as antivirus vendors or tech support agents instruct victims to send Zelle payments to activate fake security software or receive fabricated refunds.
Part of: Fake Antivirus Scams
Last reviewed: 1 June 2026
The antivirus refund variant of this scam is particularly devious when Zelle is the payment channel. Victims are told their old subscription was overcharged and a refund is being processed — but to receive it, they must first 'confirm' their banking details by sending a small Zelle test transaction. The test transaction goes directly to the scammer and is never refunded.
Zelle's deep integration with US bank accounts makes it an easy target for this mechanic, as victims can be walked through the transfer within their existing banking app without ever visiting an unfamiliar platform.
How this scam works on Zelle
The victim receives an email stating their antivirus subscription has been renewed at an inflated price. When they call the cancellation number, the agent offers a full refund via Zelle. To process it, the victim must send a 'test transaction' to a Zelle address to verify their account before the refund is issued. The test transaction is never returned.
In direct variants, victims are told that a new antivirus licence costs a specific amount and the fastest payment is Zelle. The agent walks them through the bank app payment process while on the phone, ensuring the payment is completed before any hesitation arises.
After a first payment, scammers may claim the licence was entered incorrectly and a second Zelle payment is needed to correct the error.
Common red flags
- Antivirus refund or subscription payment is requested via Zelle
- A 'test transaction' must be sent before you receive any refund
- Agent guides you through your bank app while on the phone
- Renewal amount on the supposed receipt does not match any subscription you recognise
- Recipient Zelle address is a personal phone number or email rather than a business account
- Follow-up payment requests appear after the first transfer
How to protect yourself
- Antivirus vendors do not process refunds or subscription activations via Zelle — this is always a scam
- Verify any subscription renewal claim by logging into the vendor's website directly, not via a link in the email
- Never send a test transaction to receive a refund — legitimate refunds go directly to your original payment method
- Report the scam to Zelle through your bank's app if a fraudulent transfer was made
- Cancel any subscription through the official vendor portal rather than a number found in a renewal email
- Inform your bank so they can monitor for further attempts on your account
How to report it
- Report the fraudulent Zelle transaction to your bank as an authorised push payment scam
- File a complaint with the FTC at reportfraud.ftc.gov
- Report the originating email to your email provider as phishing
Frequently asked questions
How can I check whether a renewal email is genuinely from my antivirus provider?
Do not click any links in the email. Instead, navigate directly to your antivirus provider's website and log into your account to check your subscription status and renewal history. Genuine renewals will appear in your account dashboard.