Fake antivirus tech support renewal callback scam — impersonates Norton, McAfee, Geek Squad, or generic "PC Protection" with a fabricated auto-renewal charge ($249–$399) and a callback phone number to "cancel"; connects to scammer who installs remote desktop software to steal banking credentials or install ransomware

Fake antivirus or PC protection renewal invoices impersonating Norton 360, McAfee Total Protection, Geek Squad / Best Buy Total Tech, Avast, or a generic "Advanced PC Protection" service. The email displays a fabricated auto-renewal charge ($249–$399) and a toll-free phone number to call to "cancel" within 24-48 hours. The callback connects to a scammer who requests remote desktop access via AnyDesk or TeamViewer to "process the refund" — then accesses bank accounts, steals saved passwords, or installs ransomware. Key facts: (1) FTC 2024: tech support impersonation caused $1.3B in annual losses — Norton, McAfee, and Geek Squad are the top three impersonated brands, accounting for 45% of all tech support scam complaints; (2) Real antivirus companies NEVER include callback phone numbers in renewal emails — subscription management is handled entirely through the company's website or account portal (my.norton.com, home.mcafee.com); (3) The "remote access for refund" step is the critical danger: once installed, the scammer has full control of the computer and can transfer money, steal banking credentials, and lock the victim out; (4) Legitimate software renewals can be verified in your account portal or through the installed application's Settings page — never by calling a phone number in an email. Warning signs: non-official sender domain, callback phone number, large unexpected charge, urgency window (24-48 hours), request to install software during the "refund call."