Example 248: Fake payment receipts
We are currently seeing a high volume of payment and subscription scams. The scam messages include a fake receipt from a known and legitimate company. The emails encourage recipients to call a number or click a link to cancel the payment and engage with the scammers. Their goal is to steal recipient money or data.
Indicators of Phishing
- From an email address not affiliated with the purported business or service.
- Makes a false statement about a charge to a debit card or other transaction and encourages contact to correct the error.
- Subjects like: “PAYMENT DONE,” “Invoice Number”, “Receipt Number”, or “Bill no.” followed by a string of letters and numbers, often between two # symbols.. Caps may be used to indicate urgency.
- Spelling errors and typos in the message.
- Suspicious and unexpected.
What to do if you receive one of these:
- Do not reply, click the link(s), call the phone number, or login (if you do click the link).
- Report it as Spam to Google.
- Forward the notice to [email protected].
- Check your bank statement to confirm whether the charges are real or not.
- For more information, please see: How to Manage Spam Emails
From: robert lor <[email protected]>
Subject: PAYMENT DONE______________NYR7755269R
Date: September 9, 2021 at 10:31:42 AM CDT
To: [email protected]
___OUR valued consumer___
thank you for your purchase through NORTON . this email that is to inform you your annual subscription with Norton is RENEWED .
Here is an overview of your recent purchase :-
invoice no :- NYR7755269R
ORDER date :- 09/09/2021
PAYMENT method : - auto – debited
VALUE :- $321.67
to upgrade /cancel your subscription , PLEASE contact our customer service at
Norton billing support