Refund Scams: Fake Amazon, IRS, and Company Refund Notifications

Everyone likes getting money back. Scammers know this, and they exploit it with emails, texts, and phone calls claiming you're owed a refund. The supposed source varies — Amazon, the IRS, your internet provider, a software subscription, your utility company — but the mechanics are always the same: they dangle free money to get you to hand over access to your computer or your bank account.

Here's a common scam email:

Subject: Refund Notification — $284.99 Pending for Your Account

Dear Customer, We recently processed a charge of $284.99 for your Norton Antivirus Annual Subscription renewal. Our records indicate this charge was made in error. You are entitled to a full refund of $284.99. To process your refund, please call our support team at 1-888-XXX-XXXX or click below to submit your refund request.

Another variation:

Subject: Amazon Order Refund — Action Required

We've issued a refund of $149.97 to your account for order #112-4456782-9876543. However, we need to verify your payment method to complete the refund. Please log in to verify: amazon-refund-verify.com

How the Scam Works

The Phone Call Version

In the phone-based version, you call the number in the email. A "support representative" answers and says they need to process your refund remotely. They ask you to download a remote access tool — typically AnyDesk, TeamViewer, or UltraViewer — so they can "help you" complete the refund.

Once they have remote access to your computer, they ask you to log into your bank account so they can "direct deposit" the refund. While you watch, they manipulate the screen. Using the remote access, they transfer money between your own accounts (such as from savings to checking) and then claim they "accidentally" refunded too much — say $2,849.90 instead of $284.99.

Now they insist you owe them the difference of $2,565. They pressure you to send the "overpayment" back via wire transfer, gift cards, or cryptocurrency. In reality, they just moved your own money between your accounts. No refund was ever issued. And now they want you to send them real money to "correct the mistake."

The Phishing Email Version

The email version is simpler but equally dangerous. You click a link that takes you to a fake login page mimicking Amazon, PayPal, your bank, or another service. When you enter your credentials, the scammer captures your username, password, and any other information you provide — credit card numbers, billing addresses, security question answers.

The IRS Refund Version

Some scammers impersonate the IRS, claiming you're owed a tax refund that was never processed. They ask for your Social Security number, bank account and routing numbers, and other personal details to "verify your identity" for the refund. The IRS never initiates contact about refunds via email, text, or social media. Tax refunds are processed through your filed tax return — the IRS doesn't ask you to claim them separately.

Why This Scam Works

Refund scams exploit several psychological triggers. The promise of free money makes people want to engage. The specific dollar amount makes it feel real. The brand impersonation (Amazon, Norton, IRS) creates legitimacy. And the "accidental overpayment" twist plays on people's honesty — good people want to return money that isn't theirs, even when the whole scenario is fabricated.

The remote access version is especially effective because the victim watches the "refund" happen on their own screen. They see their bank balance change. It looks real because the scammer is manipulating real numbers in real time — just not the way the victim thinks.

Red Flags to Watch For

1. You didn't request a refund. If you didn't buy the product, cancel a subscription, or file a complaint, there's no reason for a refund to appear.

2. The email asks you to call a phone number. Real refunds from Amazon, Norton, or other companies are processed automatically — they don't require you to call anyone.

3. They want you to install remote access software. No legitimate company will ever ask you to download AnyDesk, TeamViewer, UltraViewer, or similar tools to process a refund. This is always a scam.

4. They ask you to log into your bank account while they watch. No refund process requires showing a stranger your bank account. Refunds are deposited automatically through the original payment method.

5. The "accidental overpayment" story. This is a classic scam script. If anyone tells you they accidentally sent you too much money and needs you to send the difference back, stop immediately. It's a scam.

6. Payment is requested via gift cards, wire transfer, or cryptocurrency. These are untraceable payment methods that no legitimate company uses for refunds or corrections.

7. The sender's email doesn't match the company's official domain. Amazon uses @amazon.com. The IRS uses @irs.gov. Check the actual sender address, not just the display name.

What to Do If You're Targeted

Don't call the number in the email. If you think you might genuinely be owed a refund, go directly to the company's official website and check your account or contact their real customer service number.

Don't click links in refund emails. Navigate to the website directly by typing the URL in your browser.

Never install remote access software at a stranger's request. If you accidentally installed remote access software, uninstall it immediately, change all your passwords, and run a full antivirus scan.

If you gave a scammer remote access to your computer: Disconnect from the internet immediately. Uninstall the remote access software. Change passwords for all accounts — especially banking and email — from a different device. Contact your bank to report the compromise and freeze your accounts if necessary. Run a full malware scan. Consider having a professional inspect your computer.

If you sent money: Contact your bank immediately. Report to the FTC at reportfraud.ftc.gov. File a police report for documentation.

---

Got a suspicious refund email or text? Paste it into our free scam scanner and get an instant breakdown of every red flag. Our AI detects phishing patterns, fake sender addresses, and known scam tactics in seconds.