Fake Norton / Geek Squad Renewal Email Script
Emails impersonating security software or tech-support brands claim your subscription has auto-renewed for a large sum and provide a phone number to cancel — leading to a remote-access or gift-card scam.
Last reviewed: 1 June 2026
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Your [security software] subscription has been renewed for [amount]. Your account will be charged on [date]. To cancel: [phone number].
Geek Squad Invoice [number]: Annual Protection Plan — [amount] charged. If you did not authorise this, call [phone number] within 24 hours.
Thank you for your renewal of [amount]. A receipt has been sent. To request a refund, call [phone number] immediately.
Your subscription auto-renewed. To opt out and receive a full refund, contact our billing team: [phone number] or [fake link].
What the scammer wants
To create panic about a large unexpected charge so you call, at which point the scammer extracts remote device access or payment — often claiming the 'refund' was sent incorrectly and asking you to buy gift cards to return the 'excess'.
Red flags in the message
- Large renewal charge you do not recognise, arriving only by email
- Phone number prominently displayed to 'cancel' or 'dispute'
- Urgency — act within 24 hours or the charge stands
- Email sender address does not match the brand's real domain
- No matching charge in your real bank account or card statement
- Agent on the call asks you to install remote-access software
- Agent says refund was sent as too much and asks you to return the difference by gift card
A safe response
Do not call the number in the email. Check your real account with the software provider by typing their official web address, and check your actual bank statement. Report the email as phishing and delete it.
What not to send
- Remote access to your device
- Gift-card codes to 'return' an overpaid refund
- Bank login details or one-time codes
- Personal or card details to the caller
What to do if you already replied
- If you allowed remote access, disconnect immediately and uninstall the tool
- Change all passwords from a separate clean device
- Contact your bank if any funds were moved or card details shared
- If you gave gift-card codes, contact the card issuer right away
- Report the email to your email provider and national fraud authority
Evidence to preserve
- Screenshot the full message or call details
- Note the sender number, email, or profile
- Save any links (without clicking) and payment details
- Record dates and times