If you receive an email letting you know about charges for a service you've never used, or offering a refund because the company is going out of business, you should beware. Following up with this email will very likely open you up to a scam.

These tech support refund scams are similar to the usual tech support scam, but they differ in a few ways. Let's look at how scammers set up refund scams so you can identify the signs and stay safe.

What Is a Refund Scam?

If you've sold items on sites like eBay or Craigslist, you may be familiar with the core of a refund scam. In these schemes, someone "accidentally" overpays you for an item you're selling. They then ask you to send them back the difference, but if you do, you end up losing money because they cancel the initial payment and steal what you sent.

The tech support refund scam is similar, but incorporates elements of the classic tech support scam. You receive a phony email alerting you of a pending refund for some service, and when you reach out via phone, the scammers pretend to refund the money.

However, by "mistake", they "overpay" and ask you to send them the extra money using gift cards. Sending them money in this way means you'll never get it back.

Let's walk through a typical tech support refund scam to see how it operates. We'll unmask the scammers' tricks and common methods so you know what to look for.

How Do Refund Scams Start?

Typically, this scam begins by you receiving a phony email, though you may also see a popup alert, especially if you mistype a website name.

Refund Scam Email

The email will be something like the following:

  • A company offers you a refund because you haven't used its services in a while.
  • Your bank tells you that it's refunding a transaction because there was an issue with the payment.
  • A retailer claims that you've been double-charged for a purchase and thus need to contact them to resolve the error.

Knowing how to spot a phishing email goes a long way in stopping the scam here. While emails like this might look official at a glance, they almost always come from unrelated addresses, don't contain any information specific to you, and may be full of grammatical errors.

Remember that legitimate companies will not ask you to confirm payment details via clicking a link in an email, either. However, if you proceed, what happens next?

Signing Into Your Bank With the Scammer

If you reach out to the number provided in the email, you'll be connected with "the refund department" of "Microsoft" or whatever company the email mentioned. You might tell them that you don't want the service on offer, in which case the "representative" will be happy to help you with the "refund" process.

They'll guide you through installing TeamViewer, AnyDesk, or similar remote access tools so they can connect to your machine. After connecting, they might even set up unattended access to let them connect to and control your PC anytime it's on in the future.

Now, the scammer will ask you to log into your bank's website so they can "initiate the refund." Once you're signed in, they will likely ask you to note how much money is in your checking account, so you have that value in mind.

Fake Bank Login Page

The Fake "Money Transfer"

Now that the scammer has access to your online banking, the process begins. They'll black out your screen (using the remote access software) so you can't watch what they're doing. They claim that this makes the connection "secure," and may even ask you to write down a "refund code" or other meaningless info to distract you.

Now, they don't actually transfer any money to your bank, of course. Since most people have another bank account aside from checking (such as a savings or retirement account), they'll transfer money between your accounts to "increase" your checking balance.

Crucially, the con artist will "transfer" much more money than initially promised. So if they offered a $300 "refund," they might move $3,300 instead.

After they do this, to disguise the fact that they just moved money between your accounts, they may edit the HTML of the website to make it look like you received a payment from the "refund department."

The Mistake and "Repayment"

After they finish the phony "transfer," the scammer will let you see the screen again and ask you to confirm that you "received the payment."

When you mention that the "refund" was much more than expected, they'll act surprised and ask you to send them back the extra money. To appear "generous," they might say that you can keep a portion of the extra funds.

At this point, they expect the victim to ask how they can refund the money. The scammer insists that they can't take the money back the same way they sent it, so the victim will need to go buy gift cards for iTunes, Amazon, or similar.

If you somehow believed them up to this point, this request should be a giant red flag. No legitimate company will ever ask you to pay them in gift cards. They urge you to go out and buy them right away so you don't have time to think about it. If you refuse or ask questions, they will get angry and accuse you of stealing their money.

Should you continue on and buy the gift cards, they'll ask for you to read the claim codes on the phone or enter them into Notepad. Once you've done that, they take the codes and immediately redeem them, and your money is gone.

The primary reasons that scammers ask for gift cards is because they're almost impossible to track, unlike a bank transfer.

Refund Scam Variations and Other Tactics

We've described the basics of a refund scam, but each thief uses slightly different tactics.

For example, once they black out your screen, the scammer might try to put a password on your Windows account if you don't already have one set. Using this, they can lock you out of your computer and demand payment as ransom. This is why it's important to use a strong password for your account.

On older versions of Windows, they might use the SYSKEY function to require a password on boot. This effectively does the same as the above, by locking you out of your system.

As another variation, the scammer might install two remote access tools on your machine. For instance, they might start with AnyDesk, then use that to install TeamViewer on the victim's computer, connect to the scammer's PC, then switch who's controlling who. They do this because TeamViewer has the critical screen blackout functionality. However, that software blocks outgoing connections from certain regions due to frequent scams.

If you refuse to buy the scammer gift cards, they will likely get upset. They might employ the same HTML editing trick as earlier to make it look like your bank account balance is zero, claiming that they've drained your account and won't give the money back unless you pay.

Some scammers get much more upset and start looking at your photos, deleting your files, or trying to access your webcam. It's nasty, and illustrates why you should just hang up on these crooks. Once they have remote access to your computer, you can only kick them off by disconnecting from the internet or shutting down your computer.

Don't Let Refund Scammers Steal Your Money

As we've seen, refund scams are similar to tech support scams, but add a few layers that can make them confusing for people who aren't technically inclined. Due to the nature of the "refund," they may also target those who've fallen for similar scams before.

Never let someone control your computer unless you know and trust them. Certainly don't sign into your bank account at the request of that person. And never buy gift cards as a form of payment. The scammers' tricks are easy to understand once you know them, but have unfortunately fooled many people.

For more advice, see the telltale signs you're on the phone with a scammer. Share these tips with those who aren't as knowledgeable so they don't fall victim to these vile criminals.