Readers should beware of clicking links in a McAfee invoice scam email that claims to be a "confirmation receipt" for the subscription renewal of the company's products. This email does not come from McAfee Corp.
Email scams that use the names of antivirus and security companies are probably as old as the internet, but this particular one for McAfee apparently tried to combine two different threats into one: malware and phishing.
We reviewed one of the McAfee invoice scam emails. The subject line read, "Confirmation Receipt ID.6030955553." The message came from an email address associated with uilsducoach.com, not the official company website mcafee.com:
Reassure your McAfee is up to date.
Check now as it may have ended.
Your subscription of McAfee for your computer may ended soon.
After the ending date has passed your computer will become susceptible to many different virus and threats.
Your PC might be unprotected, it can be exposed to viruses and other malware...
You are eligible for discount: -70%*
A scan of the links with IP Quality Score's malicious URL scanner identified the email as "hosting malware" and being a "phishing link."
The link began on an Amazon Web Services website. One of the redirects went through vestingsupper.com. Further details were not yet known at the time this story was published.
If you accidentally enter data in a webpage linked to a suspicious email, perform a full malware scan on your device. Once the scan is complete, backup all of your files and change your passwords. Even if you only provided a phishing scammer with the data from one account, you may have also opened the door to other personal data, so it's important to change all the passwords you use online in the wake of a suspected phishing attack.
If readers provided any financial information to scammers, such as a credit card number, we recommend immediately contacting that financial institution to inform them of the issue. In some cases, a new credit card with a new number may need to be mailed to you to ensure scammers don't attempt to use the compromised card in the future.