I was surprised to receive an email this week telling me that I had renewed my annual subscription for McAfee virus protection.
Why a surprise? Well, I think the only time I’ve ever run McAfee’s anti-virus product on one of my computers was back in the late 1990s when McAfee acquired the company I was working for at the time…
…and I certainly didn’t pay for that.
However, the email tells me that my bank account has already been debited for $249.99 (that sounds like a lot, even if it is to protect two devices with not just anti-virus but also “theft protection.”)
Here’s the email I received:
Hmm… that wacky McAfee logo composed with Unicode characters isn’t the only reason why this email raised my suspicions.
So, what’s actually going on here?
There’s no attachment to the email – so it’s not the case that the email is trying to trick me into opening a malicious attachment.
And there are also no links – so I’m not being duped into entering personal information or passwords into a phishing page.
Instead, this email wants me to scare me into making a phone call. According to the email, if I wish to cancel the subscription, I should call McAfee’s cancellation department immediately on the supplied toll-free number.
Of course, it’s not going to be a genuine McAfee employee who answers that phone call. But if I were able to telephone that number from the UK, my guess is that I would be tricked into handing over some personal financial information that would then be used against me.
I haven’t called the number, and if you receive a similar message you shouldn’t either. At the very least, check your bank account to see if you have actually been charged for something before you take any steps to get your money back…
Further reading: Kirk McElhearn and Joshua Long have delved rather more deeply than myself into what appears to be a similar cybercriminal campaign, posing as emails from GeekSquad. Read what they found out in their article on the Intego blog.