Refund Scam

A person on a laptop on a suspicious phone call.
Phone and computer scams are among the most common scams today. The refund scam (also sometimes referred to as the overpayment scam) is both a computer and a phone scam, the scammer will use both of these tools in order to scam their victim. The refund scam can be considered a type of tech support scam. The scammers often impersonate tech support from companies such as Microsoft, Amazon, and eBay. These scammers usually prey upon victims who don’t know a lot about technology; however, anyone can fall victim to this type of scam.

How the scam works

This is how a typical refund scam works:

  1. The scammer makes contact with the victim somehow. Usually this will be through a robocall, if you get a suspicious call from a robot, it is probably a scam. The scammer will pretend to be from a large company like Amazon, Microsoft, or eBay. They will tell the victim that they are qualified for a refund. It may be from an item that the victim supposedly purchased. The scammer may say that someone had fraudulently bought something using the victim’s account. This is a lie; the scammer just wants the victim to believe their account was compromised. If you ever get a call, text, or email about a purchase you know you didn’t make, it is most likely a scam.
  2. Once the scammer gets in contact with the victim the scam can begin. The scammer asks to get access to the victim’s computer. If the victim doesn’t have a computer, the scammer will most likely hang up, as that is what the whole scam depends on. The scammer will have the victim download some sort of remote access software, like TeamViewer, so they can have access to the victim’s computer. Never give access to your computer to a scammer through this software. They could install malware, see your personal files, and could lock you out of your computer.
  3. Once the scammer has access to the victim’s computer they will go through a variation of scripts. They might show the victim a popup that says their computer has malware (the victim doesn’t actually have malware). They will then explain the refund process to the victim. They will ask the victim to login to their bank account in a web browser. Never login to your bank account when someone has access to your computer, no legitimate company will ever ask you to do this. They will also have the victim open up command prompt and will type in something about a refund into command prompt.
  4. Once the victim has command prompt and their bank account open, the scammer can proceed with the scam. The scammer will black out the screen so the user can’t see what they are doing. They will then edit the HMTL code on the bank website, so that it appears that the victim was refunded for more money than they were supposed to (note this does not actually change the amount in the victim’s bank, if the victim refreshes the web page, everything will look normal). The scammer will then ask the victim to type in the amount of the refund into command prompt (this does nothing but it can trick the victim into thinking they are doing something). The scammer will then type in something before the victim presses enter, so that it appears that the victim typed in too much money. The scammer will then unblack the screen and ask the victim if everything looks correct.
  5. The victim will then explain that the amount is too much. The scammer will act shocked, even though they are the ones who caused the amount to be off. The scammer will then explain that the victim will need to pay the difference. The scammer may threaten the victim or may say that they will lose their job for this mistake. All of this is to manipulate the victim into paying the scammer. Most often the scammer will ask the victim to buy gift cards in order to pay back the difference. They may also ask the victim to pay through cryptocurrency or a money transfer service such as Western Union or MoneyGram. Note that if anyone asks you to pay through any of these means, it is a scam. Even though the scammer has access to the victim’s bank account, they want the victim to pay through a method that is nearly impossible for the victim to get their money back.
  6. If the victim pays the scammer, they will most likely never see that money again. They will also most likely be put on a list for future scammers to contact them in order to scam them again.

What to do about this scam

Be suspicious of calls you receive from unknown numbers. A company will not randomly call you about a refund that you are qualified for when you don’t remember ever purchasing the item in the first place. A company will never ask you to give them access to your computer and login to your bank account, they will also never ask for your passwords or other private information. A legitimate company will also never ask you to pay for a service with gift cards, cryptocurrency, or money transfer service such as Western Union or MoneyGram, anyone who asks for payment through only those methods is a scammer. If you get a call that you suspect is a scam, the best thing to do is ignore it. Don’t answer the phone, as that may lead more scammers to calling you. If you are unsure if a phone call is a scam or not, you can try the scam phone number detector, it can help you to know if a phone call is a scam or not. You can also report phone scams to the FTC by clicking this link.