Scammers are always coming up with new ways to take money from innocent people. And while the tech support scams that we’ve examined before are still common, you should be aware of a similar scheme that takes a different path.
These scams are typically known as refund scams. Let’s take a look at how tech support refund scams work so you know how they operate, and what you can do to stay safe.
What Is a Refund Scam?
You may be familiar with the idea of a refund scam if you’ve sold goods online before. In this setup, someone typically “overpays” you for an item and claims that it was an accident. When you send them the extra money back to correct the “error,” they cancel the original payment and thus steal your money.
Tech support refund scams follow a similar setup. Let’s walk through how malicious individuals have set them up, so you don’t fall victim to this.
Step 1: The Initial Bait
Like many scams, refund scams often start over the phone or by email. You may receive a recorded phone call letting you know that a service you’ve purchased is going out of business and they want to refund the money you spent on it.
Similarly, you may get an email claiming that you’re owed a refund because you haven’t used a service that you bought in a while. They’ll provide a phone number for you to contact so you can get your “refund.”
Like other dangerous emails, these are trying to grab your curiosity so you act quickly. When you think about it for a bit, though, it’s clear that these are fake. Legitimate companies do not keep track of your app usage and offer you refunds via mail or robotic calls.
Also, sometimes, these communications are vague about the specific app or service being refunded, which is a red flag.
Step 2: The Scammer Connects to Your PC
If you follow up on the email or call, you’ll be connected with the “refund department,” supposedly for “Microsoft” or another major company. Like in the classic tech support scam, they’ll tell you that they must connect to your computer to process the refund. To do so, they’ll prompt you to install remote control software like TeamViewer, AnyDesk, or similar.
Once they connect to your computer, they’ll ask you to log into your bank. They claim that they need to do this to process the refund.
Again, this should raise major concerns. You should never allow anyone to connect to your PC remotely that you don’t expect and trust. If a company was actually sending you a refund, they don’t need to connect to your PC or be logged into your bank to do it.
Step 3: The Fake “Refund”
Once you’re logged into your bank, the scammer will pull their main trick. They’ll ask how much your “refund” was supposed to be, then tell you to take note of the balance in your checking account.
Next, they’ll use a feature of the remote control software to black out your screen so they can’t see what they’re doing. The scammer tells you that the black screen is for a “secure connection,” which is nonsense. While you can’t see, they promise that they’re “sending your refund,” but they’re deceiving you instead.
If your bank has a second account (such as savings), what they actually do during this time is simply transfer money from one account to another. The heart of the scam, however, is that they “send” more money than your refund was supposed to be. For example, if the refund amount was $500, they might “transfer” $5,500 instead.
To obfuscate the fact that they just transferred money between your accounts, the scammers edit the text of your bank’s website to make it look like you received money from the “refund department” instead of a transfer between accounts.
This is a simple operation that you can do in any browser. Right-click on some text and choose Inspect, and you’ll open up a developer menu. By clicking the text in the HTML view, it’s trivial to change that on the page to whatever you want it to. However, this isn’t actually changing the balance in your bank account. As soon as you refresh the page, the changes reset.
If your bank only has one account, they’ll use the same trick to “change” the balance.
Step 4: The “Overpayment” Demand
Once the scammer has done their work, they’ll remove the blackout from your screen so you can see it again. The person on the phone will then ask you to verify that you received the “refund.” At this point, they expect you to let them know that they sent you too much money—this is why they made sure you checked your balance before starting.
They’ll act surprised and “realize” that they made a “mistake” and sent you too much. The scammer worriedly tells you that they might lose their job if you don’t send them back the extra money. If you continue and ask them how you can repay them, they’ll tell you to visit a grocery store or supermarket and buy thousands of dollars in Google Play, iTunes, or similar gift cards.
Payment by gift cards is one of the telltale signs of a scam call. Scammers want you to buy gift cards and read the claim codes over the phone so they can redeem the funds and likely use them to make money through their own bogus apps. Compared to bank transfers or credit card payments, gift cards are virtually impossible to trace.
Remember that legitimate businesses will never ask you to pay them in gift cards. Anyone who does this is trying to steal from you. If you’d like to see a real refund scam in action, we recommend watching the below video:
Staying Safe From Refund Scams
If you refuse to buy the gift cards, the scammer will likely get angry and may threaten you. They’ll tell you that you’ve stolen their money and they plan to sue you over this, which is ridiculous. However, the scammers could take other malicious action with your computer while they have control of it.
They may try to put a password on your account if you don’t have one already, which is why you should keep your account password-protected. Sometimes they’ll start deleting your files. Another common scare tactic is to use the same HTML editing trick to make it look like your bank balance is zero.
If you get one of these calls, just hang up. Never risk your PC security by letting them connect to your PC. And make sure your loved ones know about these attempts so they don’t get tricked by these crooks.
It’s always important to ensure you are talking to legitimate tech support staff, from a legitimate company. Always be on the lookout for telltale signs that the caller is not genuine and never feel forced to give out your personal details.
Now that you know about these scams, make sure you don’t fall victim to SMS phishing, either.