November 9, 2022

What is a refund scam?

You may be familiar with the idea of a refund scam if you've sold goods online before. In this setup, someone typically "overpays" you for an item and claims that it was an accident. When you send them the extra money back to correct the "error," they cancel the original payment and thus steal your money.

Tech support refund scams follow a similar setup. Let's walk through how malicious individuals have set them up, so you don't fall victim to this.

Step 1: The initial bait

Like many scams, refund scams often start over the phone or by email. You may receive a recorded phone call letting you know that a service you've purchased is going out of business and they want to refund the money you spent on it.

Similarly, you may get an email claiming that you're owed a refund because you haven't used a service that you bought a while back. They'll provide a phone number for you to contact so you can get your "refund." Like other dangerous emails, these are trying to grab your curiosity so that you act quickly. When you think about it for a bit, though, it's clear that these are fake. Legitimate companies do not keep track of your app usage and offer you refunds via mail or robotic calls. These communications are also sometimes vague about the specific app or service being refunded, which is a red flag.


Step 2: The scammer connects to your PC

If you follow up on the email or call, you'll be connected to the "refund department," supposedly for "Microsoft" or another major company. Like in the classic tech support scam, they'll tell you that they must connect to your computer to process the refund. To do so, they'll prompt you to install remote control software like TeamViewer, AnyDesk, or similar.

Once they connect to your computer, they'll ask you to log into your bank. They claim that they need to do this to process the refund.

Again, this should raise major concerns. You should never allow anyone you don't expect and trust to connect to your PC remotely. If a company were actually sending you a refund, it wouldn't need to connect to your PC or be logged into your bank to do it.


Step 3: The fake "refund"

Once you're logged into your bank, the scammer will pull their main trick. They'll ask how much your "refund" was supposed to be, then tell you to take note of the balance in your checking account. Next, they'll use a feature of the remote-control software to black out your screen so you can't see what they are really doing. The scammer tells you that the black screen is for a "secure connection," which is nonsense. While you can't see, they promise that they're "sending your refund," but they're deceiving you instead. To obscure the fact that they just transferred money between your accounts, the scammers edit the text of your bank's website to make it look like you received money from the "refund department" instead of a transfer between accounts.

This is a simple operation that you can do in any browser. Right-click on some text and choose Inspect, and you'll open the browser's developer tools. By clicking the text in the HTML view, it's trivial to change what the page displays to whatever you want. However, this isn't actually changing the balance in your bank account. The edit exists only in the copy of the page shown on your screen, so as soon as you refresh the page, the changes reset. If you only have one account at your bank, the scammer will use the same trick to "change" the balance. If you have a second account (such as savings), what they do during this time is simply transfer money from one account to another. The heart of the scam, however, is that they "send" more money than your refund was supposed to be. For example, if the refund amount was $500, they might "transfer" $5,500 instead.


Step 4: The "overpayment" demand

Once the scammer has done their work, they'll remove the blackout from your screen so you can see it again. The person on the phone will then ask you to verify that you received the "refund." At this point, they expect you to let them know that they sent you too much money, which is why they made sure you checked your balance before starting.

They'll act surprised and "realize" that they made a "mistake" and sent you too much. The scammer worriedly tells you that they might lose their job if you don't send them back the extra money. If you continue and ask them how you can repay them, they'll tell you to go to your bank and wire the funds back, providing you with wire instructions, or they'll tell you to visit a grocery store or supermarket and buy thousands of dollars in Google Play, iTunes, or similar gift cards.

Payment by gift cards is one of the telltale signs of a scam call. Scammers want you to buy gift cards and read the claim codes over the phone so they can redeem the funds and likely use them to make money through their own bogus apps. Compared to bank transfers or credit card payments, gift cards are virtually impossible to trace.

Remember that legitimate businesses will never ask you to pay them in gift cards. Anyone who does this is trying to steal from you. 


If you suspect you’ve been a victim of this or any other scam, contact your financial institution right away. Learn more about protecting yourself and your money.