Fake sender claiming to have accidentally overpaid the target and demanding the difference be wired back before the account is cancelled — classic overpayment scam; the original payment is fraudulent and the wired-back difference is an immediate loss to the victim.

Fake sender claiming to have accidentally overpaid the target (via check, wire, or payment platform) and demanding that the target wire or return the difference before the sender cancels their account — classic overpayment / fake-check scam. The fraudulent payment appears to clear temporarily (checks can take days to bounce from correspondent banks), the victim wires back the "difference," and the original payment is then reversed, leaving the victim out of pocket the full wired amount. The "we accidentally overpaid you — wire/return the difference before we cancel your account" urgency-plus-threat shape is one of the most consistently high-volume fraud patterns tracked by FBI IC3 and the FTC. Distinct from job-offer-check-deposit-phish (employment context fake check) and rental-deposit-refund-phish (rental deposit refund context) — this targets the generic accidental-overpayment / return-the-difference / cancel-account-threat pretext. Detection: accidentally overpaid + wire/return the difference + before we cancel your account vocabulary + no List-Unsubscribe + no In-Reply-To + not protected sender. Trash score: +5. Source: GC1-R28; FBI IC3 overpayment scam advisory; FTC overpayment/fake check scam report 2025; CFPB fake check consumer alert.