Example 248: Fake payment receipts

Scammers send fake email receipts that encourage recipients to engage.

We are currently seeing a high volume of payment and subscription scams. The scam messages include a fake receipt from a known and legitimate company.  The emails encourage recipients to call a number or click a link to cancel the payment and engage with the scammers. Their goal is to steal recipient money or data.

Indicators of Phishing

  • From an email address not affiliated with the purported business or service.
  • Makes a false statement about a charge to a debit card or other transaction and encourages contact to correct the error.
  • Subjects like: “PAYMENT DONE,” “Invoice Number”, “Receipt Number”, or “Bill no.” followed by a string of letters and numbers, often between two # symbols.. Caps may be used to indicate urgency.
  • Spelling errors and typos in the message.
  • Suspicious and unexpected.

What to do if you receive one of these:

  • Do not reply, click the link(s), call the phone number, or login (if you do click the link).
  • Report it as Spam to Google.
  • Forward the notice to [email protected].
  • Check your bank statement to confirm whether the charges are real or not. 
  • For more information, please see: How to Manage Spam Emails 


From: robert lor <[email protected]>
Subject: PAYMENT DONE______________NYR7755269R
Date: September 9, 2021 at 10:31:42 AM CDT
To: [email protected]

___OUR valued consumer___

thank you for your purchase through NORTON . this email that is to inform you your annual subscription with Norton is RENEWED .

Here is an overview of your recent purchase :-

invoice no :- NYR7755269R
ORDER date :- 09/09/2021
PAYMENT method : - auto – debited

VALUE :- $321.67

to upgrade /cancel your subscription , PLEASE contact our customer service at
+1 (810)-(515)-(7954)

Thank you,
Norton billing support