I’m afraid that my credit card or Microsoft account might have been hacked: I just got an invoice for $399.99 for an annual subscription to “Microsoft Defender” from Microsoft. Is it legit? How can I reverse the charge on my account?
You’re correct in questioning this invoice from Microsoft for “Windows Defender Advanced Threat protection Firewall & Network protection” for $399.99. It is, in fact, a scam. Microsoft does have something called Windows Defender, but it’s a free antivirus and antimalware protection suite from Microsoft that’s included in Windows 10! I actually run it on most of my PCs as my primary protection software and it seems to work really well. You can learn more about it at this Microsoft article Stay protected with Windows Defender, or you can check out my own article How to Get Started With Windows Defender.
What you’ve received is an email version of a very common scam that also extends to millions of junk phone calls every day too: notification that you’ve “already been charged” for a PC security subscription and now need to work out payment to cover the debt. In its most extreme case, they’ll try to convince you to allow them to remotely access your computer so they can ‘scan for viruses’ or ‘clean up your PC’ and then actually install bad software and corrupt your machine. Never let someone remotely access your computer. Never.
Here’s the thing: If you had purchased a subscription for software, you’d already have the credit card transaction and it would be a bank contacting you. But why would your bank contact you? It’d just be an item that showed up on your credit card statement. Worried it might be legit? Log in to your bank’s Web site (by typing in the URL, never click on a banking email link!) and check your transaction history. If you do have a bogus transaction, notify your bank and let them take care of things.
Windows Defender Store Bogus Invoice Email
But let’s have a closer look at that email too. Here’s the main “order confirmation”:
First off, the Microsoft logo shown is really old, though you can be forgiven for not realizing that. More importantly, where is any personally identifiable information? Having your email on the “invoice” is easy enough since the scammers probably bought millions of email addresses for this scam. There are some other warning signs, but just scroll down and you’ll see something very odd:
In many years of receiving invoices from hundreds of companies, I’ve never once seen “in words” for an amount. Why on Earth does this say “In Words – Three Hundred Ninety Nine Dollars and Ninety Nine Cents Only.”? That sort of weird information is a warning sign that should make you much more skeptical that the email is legit.
Let’s look at the sender’s email address, however. It’s from “Windows Defender Store”, right? Not really. A click on the tiny triangle in Gmail, at least, shows that it’s not from Microsoft at all, but a Gmail address:
Who is firstname.lastname@example.org? Who the heck knows. It’s for sure that this isn’t a legit email, however, because there’s zero chance that a company like Microsoft would be sending email from Google’s Gmail service, right? So you can safely stop here and delete it.
Still curious? Google the phone number you’re invited to call if “you didn’t make this purchase”: (810) 212-2133. First off, is it really toll free? No, it’s not:
But you can search a phone number too, and it’s the work of about 15 seconds to identify this match:
You can see what I’ve highlighted: “810-212-2133. Claiming to be Apple. I DID NOT MAKE THIS PURCHASE”.
Again, it’s a scam. Your warning signs can’t get much more overt than this. Your next step? Delete the email and go on with your day.
The biggest lesson here is that a healthy dose of skepticism and a tiny bit of research can really help you avoid being scammed. Always check the sender address, search the email address or phone number you’re supposed to contact if you want to dispute the [bogus] charge, or just ignore it and wait to see if anything shows up on your credit card bill. Be careful and be safe out there!
Pro Tip: I’ve been writing about online scams for many years. Please check out my spam, scams and security help area while you’re visiting. Thanks!
Good evening! Thank you very much for your post.
I received this email shortly after I purchased WinZip to send and unzip files.
It too looked legit, and mentioned it charged me the $399 purchase price. I thought I had inadvertently purchased Windows Defender. I called the number, and a gentleman answered claiming to be Alex. I told him I didn’t purchase the item, and I wanted a refund.
But they didn’t offer a refund. Still waiting.
You weren’t actually charged, so you should be fine. The danger is if they say they want your payment info for verification or want to install some software to remote-delete it.
They deposited $39999.00 in my checking account stating it was my mistake as it should be $399. How do I get this $$ out of my checking and report these scums. They are calling me tomorrow
Sure they deposited that into your account. Sure they did. Instead, go into your bank and talk with someone there…
I actually talked to them and was told my computer was hacked. Had me run some test and installed something. He is going to call me back tomorrow to finish the testing. Will a reset to a previous day clean my computer? He has not asked for any personal information yet.
He doesn’t need to ask for anything; you installed their app. I would roll back to at least the previous day, if not multiple days. Good luck.
I just got off the phone with the scammer, after dialing the number on my notice to pay 499.99 with a yearly automatic renewal. He asked for my browser and I asked him why he needed to know that, due to his accent I could not decipher exactly what he was saying and told him he was trying to scam me and I was going to report him. Truth be told I am not sure how to do that. The scammer customer service number is 1-347-714-8039.
Good morning! Thank you for your post. I received this email shortly after I purchased WinZip to send and unzip files. It too looked legit, and mentioned it charged me the $399 purchase price. I thought I had inadvertently purchased Windows Defender. I called the number, and a gentleman answered claiming to be Alex. I told him I didn’t purchase the item, and I wanted a refund. He mentioned that in order to do so, he would need to get access to my computer. When I told him no and that I didn’t trust him, he asked for me to google the Microsoft number and to ask for him, Henry. I knew then it was a scam. He had given me two different names. I called him on it, and right then looked noticed the email address, and it was a gmail account. Again, more confirmation it was a scam. I checked my credit card, and no charge had been made. I just hope that with them now having my cell phone number, these scammers don’t reach out.
Thank you for posting this information, and I hope your post helps others before they let these scammers on their computer.
Thanks for your write up! I received a similar email (10/26/21) with a different number, called, got a message stating “while we connect your call” then music played until a male with an Indian accent answered and said “hello”. I informed him I received an email invoice for computer data protection. He said he would send me a form to fill out so they could cancel and refund. After I told him I had no computer nor need for its data to be protected, he hung up on me. I called back and he said “I already talked to you”. I said please unsubscribe me as I didn’t request this. His response? “I’ll f*** your mother” I answered that she had passed. “Then I’ll f*** your girlfriend and I’ll f*** your daughter” and he hung up again. After a third dial, he wouldn’t answer, so it finally went to voicemail. I left a message informing him that he was disgusting and I would report and block him. Now trying to find a way to let Microsoft know!
Close to my experience but haven’t called them( him back). Love your responses til all he could do was hangup on you. I was told to check in the Invoice for an identifer # and while looking I briefed him on my PC had only run for 5 months . A lightening strike had surged it dead and hadn’t been run in 5 years. I am using my smart phone and never bought Defender.He casually said ,” oh, you must’ve bought it”. Shortly there after he included sending forms and I asked if he wanted any identifer info and was told no he’d got it but I hadn’t given any at all.And was calling on my landline.
I just got an invoice for 499.99 and when I called to dispute it It was Gentle Dental
I hope they have no way to get to the money
I did call and gave them the ID number but that was it…..no credit card information or anything. I am at risk for anything????
No, but expect more scam calls from this point because you’re on the list as ‘will call’ so are now a prime target for scams. 😐
I did not give any credit card information- where would they have credited it to?
That’s the scam. You call up, they ask for some information, probably including your credit card number and PIN, then they say “no worries, we cancel it now”. Then hang up and use your purloined card info!
Though I did not buy, nor download, nor call, nor pay for this program, since it is FREE,
Where can I report the email?
Don’t you want to track & destroy these spammers?
Thank you for this info. Wish I knew how to make these scammer pay for their annoying scams.
I received the same thing for $399.99. I called the number and downloaded remotepc but I didn’t install it. Am I safe? or do I need to do something?
Definitely remove the app immediately, then run a full malware scan. I hope you didn’t share any personally identifiable information when you talked to them on the phone too. Oh, and since you responded positively, expect more of these sort of scams to show up too, so raise up your skepticism and alert level. Good luck!
I called the number sent to me the web site is https://www.awesun.com/, They said in order to cancel I had to download the app which i then told her off and hung up. Is there somewhere that I should or can report them to?
Below is the email I received.
Windows Defender Order
Tue, Sep 14 at 12:19 PM
Thank you for using our services
This email is regarding your recent purchase with us for Microsoft Defender Advance protection. Please check below for more details.
Customer Id: 112562058
Invoice ID: WIN48974984-16189
Date : 14-09-2021
Brush Stroke Divider
Product Name : Microsoft Defender
Description : 1 year subscription
Quantity : 1
Amount : $ 399.00
If you want to cancel your order or you think someone else places order from your account please contact our customer care representative on below toll free number.
Copyright reserved @ Microsoft 2021
I also received this scam saying that my credit card was charged $399. No
Evidence on my credit cards thankfully!!!!
Thank you so much for this info I was told 499.00 was charged being on disability due to cancer I cant afford that kind of charge im so disgusted and fed up with all these low life scammers who don’t give a rats ass who they steal from I run a disability advocacy and resource finding business I also have a page on Fb doing the same thing I also post about scams to let ppl know if all these scams im called 20x a day by the social security scam and the Amazon scam now theres this 1 these are heartless pathetic pieces of crap 45 billion dollars has been stolen by the social security scam keeping these scammers out of the group is seriously a full time job im gonna check out your site so I can let others know
Is there any help for someone who was stupid enough to fall for this?
If you paid by credit card, call your card issuer and explain the situation. If you paid with gift cards or gift codes, well, chalk it up to an education on how to be more cautious in the future. Either way, you’ll want to take your PC to a tech support facility so they can wipe it of whatever software these people installed on your computer. Try Geek Squad at your local Best Buy. Good luck!
I hate to admit it but I fell for it. I feel so stupid. Unfortunately, I’m housebound and cannot get my computer to an outside source to remove what they may have installed. What can I do?
First thing I would do is run Windows Defender on your system for a full scan. Then use App Remove to remove any software they might have installed, delete and re-install your favorite Web browser without ANY extensions or added toolbars, then run Defender again. I don’t know if that’ll be sufficient, but it’s a start. Also just be aware that if you do things like online banking, your account may be compromised. 😐
Yep get those emails more and more. My question is what will be done against these mails?
I know that they are fake, but how many people will be pay for this?
Please let me know what is been done to stop these crimes. because in the end it is a cyber crime. Do all people also inform their local police station about this crime?