Imagine getting a call or email from what appears to be a tech support company offering you a refund for services you previously paid for. Sounds like a nice surprise, right? Don’t fall for it. The “fake refund” scam is one of the most devious tricks in a cybercriminal’s playbook—and it’s costing victims billions.
How does the fake refund tech support scam work?
The scam follows a carefully rehearsed script designed to build trust and then exploit it:
- The scammer initiates contact. You receive an unsolicited phone call, email, or pop-up message from someone claiming to represent a well-known tech company—Microsoft, Apple, Norton, or your internet provider. They tell you they owe you a refund for a past service, subscription, or overpayment.
- They request remote access. To “process the refund,” the scammer asks you to download a remote desktop tool like AnyDesk, TeamViewer, or UltraViewer. This gives them full control of your screen.
- They ask you to log into your bank. Once they have remote access, they instruct you to sign into your online banking so they can “deposit” the refund directly. This is the trap.
- They manipulate what you see. While connected, the scammer edits the webpage or transfers money between your own accounts to make it look like they accidentally refunded too much. Then they pressure you to “return” the difference—usually via gift cards, wire transfer, or cryptocurrency.
The result? The criminal now has access to your device, your banking credentials, and potentially your entire financial life.
Tech support scams are a billion-dollar problem
This isn’t a small-time hustle. According to the FBI’s 2025 Internet Crime Report, tech and customer support scams accounted for more than $2.1 billion in reported losses in 2025, making it one of the costliest cybercrime categories tracked by the bureau. And those numbers only reflect what was actually reported—the true toll is likely much higher.
Red flags that signal a fake refund scam
Watch for these warning signs every time:
- Unsolicited contact. Legitimate tech support, security, and customer service companies do not call, email, or message you out of the blue offering refunds.
- Requests for remote access. No real company will ask to remotely connect to your computer to process a payment or refund.
- Pressure to log into your bank. A legitimate refund would never require you to open your online banking while someone else controls your screen.
- Urgency and panic tactics. Scammers create artificial time pressure—”this offer expires today” or “we need to fix this immediately”—to stop you from thinking clearly.
- Requests for gift cards or wire transfers. No legitimate business processes refunds through gift cards, cryptocurrency, or wire transfers. Ever.
What to do if you’re targeted
If you receive a suspicious refund call or email, take these steps:
- Hang up or delete the message immediately. Do not engage.
- Never grant remote access to anyone who contacts you unsolicited.
- Contact the company directly. If you think the refund might be real, look up the company’s official phone number yourself and call them.
- Report the scam. File a complaint with the FBI’s IC3 at https://www.ic3.gov and the FTC at https://ReportFraud.ftc.gov.
- If you already gave access, disconnect your device from the internet immediately, run a full antivirus scan, change your banking passwords from a different device, and contact your bank.
The golden rule is simple: legitimate companies will never initiate unsolicited contact to offer you a refund. If someone reaches out claiming to owe you money and asks for remote access to your device or wants you to log into your bank, it’s a scam—every single time. Hang up, delete the message, and protect your accounts.
