
Step by Step - Understanding the Credit Card Charge Scam

Take action: If a message triggers feelings of urgency, think twice - it's probably a scam. Avoid using the contact number mentioned in the scam email or text. Instead, search for the official phone number of the company online if you wish to contact them.



You get an email notifying you of a charge on your credit card for a product or service that you neither expected, bought nor wanted. The email tells you that your card has already been charged, but that you can call a contact center number if there are any issues.

Your initial reaction may be to call the number immediately or respond to the email in order to stop the payment.

Unfortunately, this is a scam. And the scammers are ready to exploit your reaction for phishing, fraud, ransomware or spyware.

Many individuals have reported receiving emails that appear to be from Symantec (Norton), a reputable company specializing in antivirus and anti-malware software, informing them that they have been charged for some product. To make the email seem more legitimate, a PDF or JPG of what looks like an official invoice is attached.

These emails are not actually from Symantec.

The email is designed to trigger urgency in the reader, to rush to stop the payment. You call up the included number to complain. That is exactly what the attackers want you to do.

Here is how the attack works after they make you call a number:

  1. The attacker has you on the phone, and you are worried about a payment. You won't be hanging up soon, so the attacker has a lot of time to scam you further.
  2. The attacker will appear to be a contact center trying to help you:
    1. They will ask you for more personal details to "confirm your credit card and order" - name, address, bank, number of the credit card, CVV number.
    2. They will ask you to confirm your email and password to "confirm proper invoice".
    3. They will claim that all the elements are in order and that you probably have malware on your computer. They will then ask you to allow them remote access to your computer so they can "scan it".
    4. They will ask you to download a "scanner" or to allow them on the remote connection to "install a scanner".
    5. They may even claim that their scanner has found and removed malware. While your original charge will be voided, they will now ask for you to pay for their service in cleaning your computer via a credit card charge.

What really happened in each of these steps:

  1. Information - They just took a bunch of your personal information to sell on the dark web, including your credit card number.
  2. Email/password - They just confirmed and took your real email and password and paired it with the rest of the material. Have you checked whether your old passwords have been leaked?
  3. Check your computer - They will ask for remote access to your computer to rummage through it and install malware or spyware.
  4. Install a scanner - This is how they install the malware or spyware to steal more data, or to ransom you after encrypting your computer.
  5. Pay for their services - For good measure, they will steal hard cash from you.

If you receive an email or text message that raises doubts, please consider the following precautions:

  • Don't rush, think before calling the number. If a message triggers feelings of urgency, think twice.
  • Refrain from clicking on any links provided in the message.
  • Avoid using the contact number mentioned in the email or text. Instead, search for the official phone number of the company online if you wish to contact them.
  • Never disclose your password to an unknown person over the phone, even if they claim to represent a recognized company.
  • Never provide remote access or download and execute programs when instructed by an unknown person. Call a reputable IT company in your city and bring the device to them for review.
  • If you have mistakenly provided your password, change it immediately, update your computer's security software, conduct a thorough scan, and delete anything flagged as a potential threat.
  • Never share your bank account details, credit card information, or personal information with someone who contacts you unexpectedly over the phone.

Here is an example of the content of one such email, with the image in this article showing the scam invoice. The number provided looks like a US number, but it's a Skype number, so the person on the other end of the line can be anywhere in the world.


Your Purchase Details805737879 <subhashs4801@gmail.com>

Howdy! <redacted>@gmail.com

Our customer support team is available 24x7 to assist you with any questions you may have about your order. Don't hesitate to send us a message if you need information. LVOXY82976

Attached is the invoice.

The email header and the sender IP:

Return-Path: <subhashs4801@gmail.com>
Received: from [10.64.141.25] (static-198-54-130-151.cust.tzulo.com. [198.54.130.151])
        by smtp.gmail.com with ESMTPSA id mg16-20020a056214561000b0061b63237be3sm1473231qvb.131.2023.05.26.14.00.47
        for <redacted.@gmail.com>
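
The header above already shows the mismatch: an "invoice" attributed to Symantec (Norton) that was submitted from a personal Gmail account. The following triage sketch is an added example, not part of the original article; it pulls the sender domain and the submitting IP out of such headers, and the brand domain list passed in and the webmail list are illustrative assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Header lines as shown in the article (recipient already redacted there).
SAMPLE_HEADERS = """\
Return-Path: <subhashs4801@gmail.com>
Received: from [10.64.141.25] (static-198-54-130-151.cust.tzulo.com. [198.54.130.151])
        by smtp.gmail.com with ESMTPSA id mg16-20020a056214561000b0061b63237be3sm1473231qvb.131.2023.05.26.14.00.47
        for <redacted.@gmail.com>
"""

# Assumption: an illustrative, incomplete list of free webmail domains.
FREE_WEBMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}

# "from <helo> (<reverse-dns>. [<ip>])" as recorded by the receiving server.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+?)\.?\s+\[([0-9a-fA-F.:]+)\]\)")


def triage_headers(raw, brand_domains):
    """Return sender/origin facts plus findings for an invoice-style email."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("Return-Path", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    result = {"sender": addr, "sender_domain": sender_domain,
              "origin_ip": None, "origin_rdns": None, "findings": []}

    # Received headers are stacked newest first; the last is the hop nearest the sender.
    received = msg.get_all("Received", [])
    if received:
        m = RECEIVED_RE.search(" ".join(received[-1].split()))
        if m:
            ip = ipaddress.ip_address(m.group(3))
            if ip.is_global:  # ignore private or reserved addresses
                result["origin_ip"] = str(ip)
                result["origin_rdns"] = m.group(2).lower()

    if sender_domain not in brand_domains:
        result["findings"].append("sender domain is not one of the claimed brand's domains")
    if sender_domain in FREE_WEBMAIL:
        result["findings"].append("invoice sent from a free webmail account")
    return result


if __name__ == "__main__":
    # Assumption: domains the claimed brand would plausibly send from.
    print(triage_headers(SAMPLE_HEADERS, {"norton.com", "symantec.com"}))
```

The extracted IP and reverse-DNS name are what you would include when reporting the message to the mail provider; the private address in brackets is only the sender's local network address and identifies nothing.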