Tech | Tricks | Tips | News

How to Spot and Avoid Tech Support Refund Scams

What Is a Refund Scam?

If you’ve sold items on sites like eBay or Craigslist, you may be familiar with the core of a refund scam. In these schemes, someone “accidentally” overpays you for an item you’re selling. They then ask you to send them back the difference, but if you do, you end up losing money because they cancel the initial payment and steal what you sent.

The tech support refund scam is similar, but incorporates elements of the classic tech support scam. You receive a phony email alerting you of a pending refund for some service, and when you reach out via phone, the scammers pretend to refund the money.

However, by “mistake”, they “overpay” and ask you to send them the extra money using gift cards. Sending them money in this way means you’ll never get it back.

Let’s walk through a typical tech support refund scam to see how it operates. We’ll unmask the scammers’ tricks and common methods so you know what to look for.

How Do Refund Scams Start?

Typically, this scam begins by you receiving a phony email, though you may also see a popup alert, especially if you mistype a website name.

The email will be something like the following:

  • A company offers you a refund because you haven’t used its services in a while.
  • Your bank tells you that it’s refunding a transaction because there was an issue with the payment.
  • A retailer claims that you’ve been double-charged for a purchase and thus need to contact them to resolve the error.

Knowing how to spot a phishing email goes a long way in stopping the scam here. While emails like this might look official at a glance, they almost always come from unrelated addresses, don’t contain any information specific to you, and may be full of grammatical errors.

Remember that legitimate companies will not ask you to confirm payment details via clicking a link in an email, either. However, if you proceed, what happens next?

Signing Into Your Bank With the Scammer

If you reach out to the number provided in the email, you’ll be connected with “the refund department” of “Microsoft” or whatever company the email mentioned. You might tell them that you don’t want the service on offer, in which case the “representative” will be happy to help you with the “refund” process.

They’ll guide you through installing TeamViewer, AnyDesk, or similar remote access tools so they can connect to your machine. After connecting, they might even set up unattended access to let them connect to and control your PC anytime it’s on in the future.

Now, the scammer will ask you to log into your bank’s website so they can “initiate the refund.” Once you’re signed in, they will likely ask you to note how much money is in your checking account, so you have that value in mind.

The Fake “Money Transfer”

Now that the scammer has access to your online banking, the process begins. They’ll black out your screen (using the remote access software) so you can’t watch what they’re doing. They claim that this makes the connection “secure,” and may even ask you to write down a “refund code” or other meaningless info to distract you.

Now, they don’t actually transfer any money to your bank, of course. Since most people have another bank account aside from checking (such as a savings or retirement account), they’ll transfer money between your accounts to “increase” your checking balance.

Crucially, the con artist will “transfer” much more money than initially promised. So if they offered a $300 “refund,” they might move $3,300 instead.

After they do this, to disguise the fact that they just moved money between your accounts, they may edit the HTML of the website to make it look like you received a payment from the “refund department.”