Scam script · Email / chat

Fake Antivirus Subscription Renewal Email Scam Examples

Emails pretend to confirm a large antivirus or security software renewal charge, urging you to call a fake support number to cancel — where agents attempt to steal money or access your computer.

Last reviewed: 1 June 2026

Sanitized example messages

Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].

Thank you for your [Security Software] renewal. Your account has been charged [amount] for a 3-year plan. To cancel or dispute this charge, call [fake number] within 24 hours.

Your [Security Software] subscription has auto-renewed for [amount]. If you did not authorise this, contact our billing team immediately at [fake number]. Reference: [fake order ID].

Invoice #[fake number]: [Security Software] 5-Device Premium Plan — [amount] charged to your account. Not you? Call [fake number] to receive a full refund.

IMPORTANT: [Security Software] annual renewal of [amount] has been processed. To opt out of future renewals or request a refund, call our 24/7 line: [fake number].

What the scammer wants

To get you to call a fake number where agents will either walk you through a 'refund' process that actually drains your bank account, or gain remote access to your computer to steal credentials and data.

Red flags in the message

You receive a charge confirmation for software you do not recognise or did not buy
The email urges you to call a phone number rather than log into your account
The sender email address is not the official software company domain
The agent asks you to download remote-access software to process your refund
Agent instructs you to open your bank account on-screen to verify the refund
The invoice amount is unusually high to maximise panic

A safe response

Do not call the number in the email. Check your bank and card statements directly — if no charge appears, the email is entirely fake. If you use the named software, log into the real website to manage your subscription.

What not to send

Remote access to your computer
Bank login credentials
Confirmation of any on-screen bank transfer

What to do if you already replied

If you gave remote access, disconnect from the internet and run a legitimate security scan
If you transferred money, contact your bank immediately and report the fraud
Change passwords for banking and email accounts that may have been visible

Evidence to preserve

Screenshot the full message or call details
Note the sender number, email, or profile
Save any links (without clicking) and payment details
Record dates and times

Sanitized example messages

Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].

Thank you for your [Security Software] renewal. Your account has been charged [amount] for a 3-year plan. To cancel or dispute this charge, call [fake number] within 24 hours.

Your [Security Software] subscription has auto-renewed for [amount]. If you did not authorise this, contact our billing team immediately at [fake number]. Reference: [fake order ID].

Invoice #[fake number]: [Security Software] 5-Device Premium Plan — [amount] charged to your account. Not you? Call [fake number] to receive a full refund.

IMPORTANT: [Security Software] annual renewal of [amount] has been processed. To opt out of future renewals or request a refund, call our 24/7 line: [fake number].

Red flags in the message

You receive a charge confirmation for software you do not recognise or did not buy

The email urges you to call a phone number rather than log into your account

The sender email address is not the official software company domain

The agent asks you to download remote-access software to process your refund

Agent instructs you to open your bank account on-screen to verify the refund

The invoice amount is unusually high to maximise panic