Fact Check

McAfee Invoice Scam Email Poses as Subscription Renewal Receipt

Here's what we found in a McAfee scam email that claimed to be a "confirmation receipt" or invoice for a subscription renewal.

Published March 14, 2023

 (Surasak Suwanmake/Getty Images)
Image Via Surasak Suwanmake/Getty Images
An email message claims to be a subscription renewal receipt or invoice from McAfee, but wasn't sent by the company.

Readers should beware of clicking links in a McAfee invoice scam email that claims to be a "confirmation receipt" for the subscription renewal of the company's products. This email does not come from McAfee Corp.

Email scams that use the names of antivirus and security companies are probably as old as the internet, but this particular one for McAfee apparently tried to combine two different threats into one: malware and phishing.

We reviewed one of the McAfee invoice scam emails. The subject line read, "Confirmation Receipt ID.6030955553." The message came from an email address associated with uilsducoach.com, not the official company website mcafee.com:

Reassure your McAfee is up to date.

Check now as it may have ended.

Your subscription of McAfee for your computer may ended soon.

After the ending date has passed your computer will become susceptible to many different virus and threats.

Your PC might be unprotected, it can be exposed to viruses and other malware...

You are eligible for discount: -70%*

A scan of the links with IP Quality Score's malicious URL scanner identified the email as "hosting malware" and being a "phishing link."

The link began on an Amazon Web Services website. One of the redirects went through vestingsupper.com. Further details were not yet known at the time this story was published.

McAfee has published multiple articles before about these kinds of scams, including details on what to do if you believe you've fallen victim to them:

If you accidentally enter data in a webpage linked to a suspicious email, perform a full malware scan on your device. Once the scan is complete, backup all of your files and change your passwords. Even if you only provided a phishing scammer with the data from one account, you may have also opened the door to other personal data, so it's important to change all the passwords you use online in the wake of a suspected phishing attack.

Other recommended companies for malware scans include Malwarebytes and Norton.

If readers provided any financial information to scammers, such as a credit card number, we recommend immediately contacting that financial institution to inform them of the issue. In some cases, a new credit card with a new number may need to be mailed to you to ensure scammers don't attempt to use the compromised card in the future.


"Identity Theft Protection." McAfee, https://www.mcafee.com/en-us/identity-theft/protection.html.

"Malicious URL Scanner | Scan URLs for Malware | Malware URL Checker." IP Quality Score, https://www.ipqualityscore.com/threat-feeds/malicious-url-scanner.

"Malwarebytes Cyber Security for Home & Business | Anti-Malware." Malwarebytes, https://www.malwarebytes.com/.

"McAfee KB - How to Recognize and Protect Yourself from Phishing." McAfee.com, https://www.mcafee.com/support/?locale=en-US&articleId=TS101810&page=shell&shell=article-view.

"McAfee KB - You Get Fake Emails from Scammers Posing as McAfee." McAfee.com, https://www.mcafee.com/support/?articleId=TS103285&page=shell&shell=article-view.

Norton.com. https://us.norton.com/.

"Phishing Email Examples: How to Recognize a Phishing Email." McAfee.com, 8 Dec. 2022, https://www.mcafee.com/learn/phishing-email-examples-how-to-recognize-a-phishing-email/.

Jordan Liles is a Senior Reporter who has been with Snopes since 2016.

Article Tags