Person's hand holding a smartphone in the dark, with a call from an unknown caller on display.

If you receive a phone call notifying you that you’re eligible for a refund, it’s probably a scam. Understanding how these scams work can help you avoid them and warn others not to fall for them either.

The Setup

As the name may suggest, a refund scam operates by convincing the victim that they are entitled to some sort of compensation. While many people would be immediately suspicious of a cold caller telling them there is an amount of money waiting for them (either as an inheritance or competition win), a refund may seem a little more believable.

Scammers will cold-call potential victims and attempt to convince them they are eligible for a refund. They make use of examples like a company being closed down and no longer being able to provide a service that the user has apparently paid for. Security software like antivirus or antimalware is commonly cited, but no two scams are quite the same.

The scammers are hoping for one of two outcomes: that the user believes they are entitled to a refund (even if they don’t remember purchasing this specific service), or that the user doesn’t care and is hoping to receive the money anyway. As is often the case with these types of scams, the scammers are usually very pushy and aggressive in their approach.

They may attempt to convince targets that the scammer is required to return this money by law. To add to the believability, they may even reference a previous scam attempt that the victim may have been involved in.

How the Scam Evolves

Once a victim is convinced that they are entitled to a payout, the scam can take a few turns. Less complex scams may simply ask for payment details from the victim, for “depositing” money. They may ask for card details to process the refund, but, in reality, they’re stealing card details to commit fraud.

Other forms of this scam may involve an “administration” fee. This sort of scam is traditionally known as the 419 scam or advance-fee scam. To process the full refund, the scammer will ask the victim to pay a small processing fee. The fee will be relatively small in comparison to the supposed refund, and the scammer may even promise that the processing fee will be returned when the full refund is processed.

Much of the time, there’s a lot more to this scam. This is particularly true when the scammer is supposedly refunding security software. This begins with gaining remote access to the victim’s computer, often using legitimate remote access tools like TeamViewer or Ammyy.

TeamViewer for Mac

Scammers will convince targets that they need to install, uninstall, or update software to proceed. Once you’ve given a scammer remote access, they can wreak all sorts of havoc on your computer and finances.

Many of these refund scams come to a head with the scammer supposedly sending more money than the total refund amount. For example, rather than “sending” a $500 refund, they “accidentally” send a $5,000 refund. They will ask you to confirm the amount by logging in to your online banking accounts.

Since the scammer has remote access to your computer they can modify webpages using the “Inspect Element” tool in most browsers so that more money appears in the account. They may pick a recent transaction, change the name and amount, then amend your account balance to reflect the supposed payment. Refreshing the page would reveal that no payment was made.

HTML being edited with the Inspect Element feature in Safari
An account balance is easily modified in a browser.

Once this “mistake” has been drawn to the victim’s attention, they will attempt to get the victim to send back the excess amount (in the case of the example above, $4,500). The scam hinges on getting the account owner to send the money since banks now use two-factor authentication to verify new payees and large transfers.

Scammers can’t simply send money to themselves using your account, even with remote access to your computer. They need you to confirm the transfer, usually using a code sent to your mobile number via SMS (a text message). It’s not unusual for scammers to become emotional at this stage, posing as victims who are in trouble for making such a foolish mistake.

They will attempt to manipulate a target by getting irate, upset, or even aggressive. Since they have remote access to your computer, they have the upper hand here. They may use Windows System Key Protection (known as “syskey”) to lock users out of their computer. They may install ransomware, or even delete (or promise to delete) precious data like photos and documents.

RELATED: How to Protect Yourself from Ransomware (Like CryptoLocker and Others)

Refund Scams Often Target Previous Victims

Scammers are surprisingly organized. Not only do they trade lists of numbers and other contact information, but many also keep detailed notes and spreadsheets to profile potential victims for future use. This can include simple information like whether the phone number is valid, whether the owner answered the phone, but also whether the target was receptive to the scam.

Some scammers will attempt to double-dip and target previous successful victims. Since they already know that the victim fell for a previous scam, they may even cite specifics about previous dealings in a bid to build trust. Scammers may know the exact amounts that the victim lost to the scam, when it occurred, the victim’s full name and address, or even who they bank with.

Woman pressing hands against her forehead in stress, with a calculator and laptop in front of her.

The scam then proceeds in a manner that promises to recover the lost funds. Victims may be more susceptible to this scam since financial institutions may refuse to reimburse previous transactions that were authorized by the account holder.

How to Spot and Avoid Refund Scams

Ask yourself: how many times have you been contacted by a legitimate company out of the blue and received a refund? In the event a company goes bankrupt, companies usually don’t have to return any money. Accounts and assets are frozen, and customers are the ones that lose out. Companies that end support for a product or service usually transition customers to similar products, or simply stop taking payment.

You should immediately be suspicious of anyone calling, emailing, or contacting you by mail to notify you that there is an unclaimed sum of money waiting for you. If the money requires a “processing fee” or similar, it’s a scam. If the person on the end of the phone insists you install a system utility or remote helper application on your computer, it’s a scam.

If you do believe the caller is legitimate, ask for a phone number you can call them back on and explain why you’re doing it. Search the internet for any numbers they give you. Try calling the company using a standard customer service number and asking whether or not the previous correspondence was from them. Legitimate companies won’t mind you doing this, but scammers will.

Other Scams to Avoid

Microsoft does not cold call people to tell them there is a problem with their computer. Phone calls from numbers that are very similar to yours are probably scams. Incidents of SMS phishing or “smishing” have exploded in recent years. Scammers will even impersonate close family members by pretending loved ones have new contact information.

Stay safe by being vigilant, always questioning cold callers, and remembering that if it seems too good to be true then it probably is.

Profile Photo for Tim Brookes Tim Brookes
Tim Brookes is a technology writer with more than a decade of experience. He's invested in the Apple ecosystem, with experience covering Macs, iPhones, and iPads for publications like Zapier and MakeUseOf.
Read Full Bio »