Fake subscription renewal notices are doing the rounds again. Some of these scams impersonate Malwarebytes, and we’ve also seen them reach our customers.
You’re more likely to trust the message if you’re already a customer of the company mentioned in the email. That’s what the scammers are counting on.
So we want to make people aware that these scams are becoming increasingly common, and explain how to spot them.
Software renewal scams (including fake Malwarebytes “renewal” emails and calendar invites) are a specific, very active form of phishing and tech support fraud that contribute to millions of dollars in losses every year.
What to look out for
The template is easy enough to recognize once you know how to spot the signs:
- The sender’s email address doesn’t belong to the company the sender claims to represent. Often the messages come from compromised accounts or from lookalike domains designed to appear legitimate. Always check the sender’s email address carefully.
- The emails will often include lots of official-looking (but made-up) details and reference numbers, along with a charge large enough to provoke concern. The amount is typically several hundred dollars, but it can be much higher.
- The message usually ends with a phone number to call or a link where you can supposedly dispute the charge. The wording and amounts vary from scam to scam. The phone numbers change too, often using local-looking numbers or hosted voice services to appear more trustworthy. Below is one example we saw that uses a callback lure, encouraging the target to call a phone number and engage with a tech support scam:
Subject: Account Maintenance Update
From: <redacted sender name> <redacted-email@example.com>
Your order for Malwarebytes Ultimate Protection has been confirmed. The total amount of $276.50 USD has been successfully charged.
Invoice Details:
Invoice #: INV‑ZIDNQCWSMO
Product: Ultimate Security Pack
License Term: 3 Years
Seats: 3 Devices
Subtotal: $276.50 USD
Tax: $0.00 USD
Grand Total: $276.50 USD
Activation Code: 8fd14ea8‑4014‑4430‑ba19‑313554098112Your license is now active and will renew automatically.
For billing inquiries, reach us at +1 (810) 210‑5434.
- Other fake renewal notices may pretend to come from PayPal or other payment providers and direct you to a website where you’re asked to log in. These are phishing emails trying to steal your banking credentials.
How to stay safe
If you receive a subscription renewal communication claiming to be from us, our Help Center article explains how our legitimate renewal notices work and how to verify they’re genuine.
In general:
- Do not click links or call phone numbers in unsolicited emails.
- When in doubt, check the origin of the email by going directly to the company’s official website and ask about it through official channels. Don’t follow sponsored search results to get there, as these can be scams.
- Do not give out personal details, pins, passwords, payment information, or verification codes during an unsolicited call. Legitimate companies will not ask for passwords or verification codes over the phone.
- Never allow a stranger to take over your computer remotely. It allows scammers to quickly search your computer for valuable information.
Pro tip: Malwarebytes Scam Guard can help you determine whether an email is a scam and advise you on the next steps.
Something feel off? Check it before you click.
Malwarebytes Scam Guard helps you analyze suspicious links, texts, and screenshots instantly.
Available with Malwarebytes Premium Security for all your devices, and in the Malwarebytes app for iOS and Android.
