
Is This Geek Squad or Norton Renewal Email a Scam?

Got an email saying your Geek Squad, Norton, or McAfee subscription is auto-renewing for hundreds of dollars? It's a scam. Here's how the renewal-invoice trick works and what to do.

Short answer: an email saying your Geek Squad, Norton, or McAfee subscription is about to auto-renew for $300–$500, with a phone number to "cancel," is a scam. There's no subscription and no charge — the invoice is bait to get you to call.

This one is clever because it doesn't ask you to click anything. It wants you to pick up the phone. Here's the full trick.

Quick check: Don't call the number in the email. You don't have a subscription you forgot about. Check your actual bank or card statement and the real company's account page — the charge won't be there.

How the renewal-invoice scam works

The email looks like a receipt: a renewal for antivirus or "tech protection," a big total, an order number, and — crucially — a support number to call if you didn't authorize it. No link to click, which helps it slip past spam filters and your own link-hovering habit.

When you call to "cancel the charge," a friendly agent offers a refund. To process it, they ask to:

  • install remote-access software so they can "help," then
  • log into your bank while they watch, or
  • claim they "accidentally refunded too much" and pressure you to send the difference back (often via gift cards or transfer).

The invoice was never real. The goal was always to get you on the phone and into your bank.

Why you keep getting Norton and McAfee versions

If you search Reddit or any scam forum for "Norton antivirus scam email" or "McAfee scam email," you'll find thousands of people getting the exact same invoices — often several a week, frequently to an address that never had a Norton or McAfee account. That's not a coincidence, and it doesn't mean you've been specifically targeted or "hacked."

These invoices are sent in bulk to enormous email lists. Norton and McAfee are used because they're household antivirus names, so a "your protection is auto-renewing for $429" line is believable enough that a fraction of recipients panic and call. The volume is the strategy: send millions, and even a tiny response rate fills the scammers' phone lines.

So getting one (or many) is normal and, by itself, harmless — the danger only starts if you call the number. Mark it as spam or report it as phishing in your email, and move on.

The red flags

  • A charge for something you never bought. You don't have this subscription.
  • A phone number instead of a link. Designed to move you to a live "agent."
  • A big, alarming total. $399 or $499 is large enough to make you call immediately.
  • An offer to refund via remote access or gift cards. Always a scam.
  • A generic sender address that isn't the real company's domain.

What a fake renewal invoice looks like

GEEK SQUAD PROTECTION — RENEWAL CONFIRMATION

Order #GSQ-884213
Plan: Total Protection (1 Year)         $429.99
Auto-renew date: today

If you did not authorize this renewal, call our billing
department immediately at +1 (8xx) xxx-xxxx to cancel.

The tells: a subscription you don't have, a scary total, and a "call us" number front and center. Real companies show your billing in your account — they don't rely on you calling a number printed in an email.
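The red flags above translate directly into a mail-filter heuristic. The sketch below is an added example, not part of the original guide; the brand-to-domain allow-list, the $300 threshold, the flag names, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list of brand -> legitimate sender domains; maintain your own.
BRAND_DOMAINS = {"geek squad": {"bestbuy.com", "geeksquad.com"},
                 "norton": {"norton.com"}, "mcafee": {"mcafee.com"}}
PHONE_RE = re.compile(r"\+?1?[\s.-]*\(?\d{3}\)?[\s.-]*\d{3}[\s.-]*\d{4}")
URL_RE = re.compile(r"https?://\S+", re.I)
AMOUNT_RE = re.compile(r"\$\s?(\d[\d,]*(?:\.\d{2})?)")
CALL_RE = re.compile(r"\b(call|dial|phone)\b", re.I)
LARGE_TOTAL = 300.0  # assumed threshold, taken from the guide's $300-$500 range

def red_flags(raw: str) -> list[str]:
    """Return which of the guide's red flags a raw RFC 5322 message shows."""
    msg = message_from_string(raw)
    body = "\n".join(str(p.get_payload()) for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    flags = []
    for brand, domains in BRAND_DOMAINS.items():
        ok = any(sender == d or sender.endswith("." + d) for d in domains)
        if brand in text and not ok:  # brand named, sender not the brand's domain
            flags.append("brand_sender_mismatch")
            break
    has_phone = bool(PHONE_RE.search(body))
    if has_phone and CALL_RE.search(body):  # "call us" number in the body
        flags.append("callback_number")
    if has_phone and not URL_RE.search(body):  # phone number instead of a link
        flags.append("no_links")
    totals = [float(a.replace(",", "")) for a in AMOUNT_RE.findall(body)]
    if totals and max(totals) >= LARGE_TOTAL:  # big, alarming total
        flags.append("large_total")
    return flags

# Constructed samples (not real messages); SCAM mirrors the invoice above.
SCAM = """From: Geek Squad Billing <renewals@example.net>
Subject: GEEK SQUAD PROTECTION - RENEWAL CONFIRMATION

Plan: Total Protection (1 Year)  $429.99
If you did not authorize this renewal, call our billing
department immediately at +1 (800) 555-0100 to cancel.
"""
LEGIT = """From: Norton <no-reply@norton.com>
Subject: Your Norton receipt

Thanks for renewing. Total: $49.99. Manage billing at https://www.norton.com/
"""
```

Calling `red_flags(SCAM)` returns all four flags, while `red_flags(LEGIT)` returns an empty list. Any single flag is weak on its own; the combination of a brand mismatch with a callback number and no links is what marks this scam.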

The refund-scam phase (where the real loss happens)

Calling the number rarely costs you money directly — the damage comes from what the "agent" does next. A common sequence:

  1. They confirm a "refund" and ask to install remote-access software to "process" it.
  2. With control of your screen, they open your online banking while you watch.
  3. They claim they "accidentally refunded $5,000 instead of $500" and panic you into believing you must return the difference.
  4. What you're really seeing is them moving your own money between your accounts to fake the overpayment — then you wire or gift-card the "extra" back to them.

No real refund ever requires remote access to your computer or a repayment in gift cards. The moment either comes up, hang up.

What to do

  1. Don't call the number. That's the entire trap.
  2. Check your real statements. Look at your bank or card activity and the company's official account page. No charge means nothing to cancel.
  3. If you already called or gave remote access, disconnect, uninstall any software they had you add, run a security scan, change your banking password, and call your bank using the number on your card.
  4. Report it. Forward the email to the real company through its official site, and file at reportfraud.ftc.gov.

For recovery details, see what to do if you clicked a phishing link.

Get it checked in minutes

If an invoice looks real enough to rattle you, don't call to find out. Forward it to FraudRoom at check@fraudroom.com and get a plain-English read on whether it's genuine — before you pick up the phone.

FAQ

Is the Geek Squad / Norton renewal email real?

Almost never. These emails invoice you for a subscription you don't have to make you call a fake support line. Check your bank statement and the company's real account page — the charge won't exist.

Why does the email give a phone number instead of a link?

Because the scam needs you on the phone, where an "agent" can talk you into remote access or a fake refund. Skipping the link also helps the email get past spam filters.

I called the number and gave them access — what now?

Disconnect, remove any software they installed, run a malware scan, change your banking password, and call your bank using the number on your card to watch for fraud. Report it to the FTC.

Why do I keep getting Norton and McAfee renewal emails for accounts I never had?

Because they're blasted to huge email lists, not sent to you specifically. Norton and McAfee are well-known antivirus brands, so the fake "auto-renewal" feels plausible to enough people to be worth sending in bulk. Receiving them doesn't mean you were hacked — just don't call the number. Report them as phishing and delete.

Key takeaways

  • The renewal invoice is fake; you have no subscription to cancel.
  • A "call us" number instead of a link is the signature of this scam.
  • Never grant remote access or send a "refund" — that's the real attack.
  • Verify by checking your statement and the company's real account page.
