What is the McAfee Scam? (And How to Protect Against it)

McAfee scams have been around for years, if not decades, and we’ve covered their various iterations many times before. We recently came across yet another variation of this scam that has already claimed a large number of victims and more and more users still seem to be falling for it.

In this post, we’ll tell you everything you must know about the latest McAfee antivirus email scam: how it functions, how to spot it, what to do if you’ve already contacted the scammers, and ways to stop or at least limit the amount of scam messages flooding your mail.

mcafee scam email
One example of a McAfee subscription scam email.

Remove McAfee Scam Malware From Your Device

Before we proceed with the explanation of this scam, we urge you to delete any apps or files sent to you by the scammers that you may have downloaded. What makes this scam particularly insidious is that it tricks users into downloading remote-access malware, so if you’ve allowed anything from the scammers to enter your device, delete it immediately, using the following instructions or the recommended anti-malware tool posted on this page.

IMPORTANT!: Scammers can use different types of remote access malware, so we can’t provide specific instructions about one particular malicious app or program. The following guides provide general malware-removal instructions. For mobile devices, this should be enough to secure the device, but if you are on a desktop device, you may need to resort to a specialized anti-malware tool.

McAfee Scam Malware Removal for Android

It’s essential that you act quickly if you think your device has been infected by a remote access McAfee scam malware because every moment you waste is giving the scammer time to cause more damage.

  1. Go to your device’s File Manager app, open the Downloads section, and delete any recently downloaded files.
  2. Also check the other sections/categories for recent downloads of suspicious files and delete them.
  3. Next, go to Settings > Passwords & Accounts see what accounts are shown there, and if you see anything unfamiliar, delete it.
  4. Then go to Settings > Apps > All Applications, look through all the apps and if you find an app that you got from the scammers, tap it, and go to Permission.
  5. Disable all permissions for that app, then go back to the previous screen and Uninstall the app.
  6. Finally, change all your passwords to your important accounts that you want to keep safe.

If you still suspect that the scammers might have remote access to your device, we recommend going to Settings > System > Reset Options and then performing a Factory Reset.

IMPORTANT!: If you decide to Factory Reset your device, everything stored on its internal HDD will be deleted, so we recommend creating a backup of data you don’t want to lose.

McAfee Scam Malware Removal for iPhone

It’s generally easier to clean iPhones from scam software and malware, but you still need to be quick if you want to save your data and money.

  1. Go to the File Manager and delete anything you’ve recently downloaded. If you remember the file downloaded from the scammer, find it and delete it immediately!
  2. Go to Settings > General > Profiles and look for any suspicious profiles you don’t recognize. If you see such a profile, select it, tap Remove Profile, and enter your passcode to perform the removal.
  3. Finally, look for any suspicious recently installed apps on your device and uninstall them by holding your tap on the app, then tapping Remove > Delete App.

As before, it’s strongly advised to change your passwords for all your valuable accounts.

McAfee Scam Malware Removal for Windows

Removing malware from mobile devices is much easier and generally done in the same way no matter the threat, but when talking about desktop, Windows PC in particular, the places a malware can hide are numerous. Therefore, we can only give you some general tips and steps, but you’ll have to do most of the leg-work. Alternatively, you can use SpyHunter to run a comprehensive malware scan of your system and let the tool delete any suspicious software it might find:

  1. Go to your Start Menu, search for Apps and Features, open it, and look for and uninstall any recently added apps you don’t recognize.
  2. Open the Task Manager, look for questionable processes with unfamiliar names. If you suspect a particular process, right-click it > Open File Location.
  3. If the folder that opens isn’t a system folder (i.e. located in the Windows folder), it should be okay to delete its contents.
  4. If you are blocked from deleting them, download and install Lock Hunter, then right-click the rogue folder, click “What’s locking it?” > Delete.
  5. Go to C:\Users\*YOUR_USERNAME\AppData\Roaming, look for folders with suspicious names, and delete them. Do the same in C:\Program Files and C:\Progam Files (x86).
  6. Lastly, search for the Task Scheduler in the Start Menu, open it, check the Task Scheduler Library for any questionable tasks that may be related to the malware, and delete them. To figure out what a particular task does, right-click it and go to Properties > Actions.

If you don’t feel confident manually hunting down the malware, it’s preferable if you use a specialized malware removal tool.

McAfee Scam Malware Removal for Mac

Like iPhones, Macs rarely get malware, but if a McAfee email scammer has tricked you into installing something on your Mac computer, then there could be something malicious on it. Here are some steps you could take to secure your system:

  1. Delete any newly installed apps from the Applicaitons folder.
  2. Click the Apple logo menu in the top-left, go to System Settings > Users & Groups click the Lock icon, and enter your password.
  3. Then look at the profiles listed there. If you see any unfamiliar profiles not added by you, delete them even if they seem to have regular names like AdminPrefs or Chrome Settings.
  4. Open System Settings > Security & Privacy > Full Disk Access and see if any suspicious apps are given this permission and remove them from the list.
  5. We also recommend checking the other types of permissions and removing from them apps you don’t trust.
  6. Lastly, click the Go menu from the top > Go to Folder, copy-paste this address /Library/LaunchDaemons into the search bar and press enter.
  7. Look through the folder for suspiciously-named files and delete them. Check this Apple discussion to get an idea what filenames you should be looking for.
  8. Do the same thing in ~/Library/LaunchAgents and /Library/LaunchAgents folders.

As with before, don’t forget to change all your important passwords after the malware is removed. If you aren’t sure the virus is gone, consider using the security tool recommended on this page.

How Does the McAfee Email Scam Work?

Like many of its previous iterations, the McAfee email scam begins when the user is sent a legitimate-looking email. The email address and username will appear as if they truly come from the McAfee and there will probably be some graphics in the message to give it a more refined and professional look. The scammers have gotten very good at disguising their scam messages to make them look (almost) indistinguishable from something that the impersonated company would send.

mcafee scam email example
Another variation of the McAfee email scam.

The text in the email will typically follow one of several scenarios. Most commonly, the user is told that they’ve purchased a McAfee product and now they will be charged hundreds of dollars. A support phone number is provided, and the user is urged to call it if they wish to cancel the purchase.

So far, this all sounds like any other type of refund scheme we’ve seen, but there’s a twist. With most similar scams, when the user calls the phone, they are told to provide their credit/debit card credentials for verification in order to cancel the purchase and that’s how the scammers get to drain their bank accounts. But with the current iteration of the McAfee email scam, the user is told to download remote administration software to refund the purchase. If the software is downloaded, the scammer gains remote access to the device (works on both mobile and desktop) and can then do as they please.

Therefore, if you think you’ve fallen victim to this scam and have downloaded anything given to you by the hackers, we urge you to follow the guidelines shown above and use the removal tool provided on this page (the tool is for Windows PC and Mac systems only). Hopefully, it’s not too late, and the scammers haven’t done any serious damage.

What is the PayPal McAfee email scam?

One particularly insidious and effective variation of the McAfee email scam is when the scammers send fake PayPal emails to their victims. The phishing messages and invoices appear authentic because they are sent through PayPal’s systems and pass email validation checks. In other words, you are technically sent a legitimate PayPal email with that originates from the service’s official site, but it’s actually a part of the scheme and is designed to get you to download the remote access malware.

How to Spot and Protect Against the McAfee Fake Emails Scam

First and foremost, what you must remember is that McAfee would never request in an email message that you call a particular phone number or download a remote access tool. But there are also other signs that the message you’ve received is likely a scam attempt.

For example, if you’ve never purchased a McAfee product subscription, you’ve got no reason to think that your account will be charged for such a purchase.

Also, you should pay close attention to the sender’s email address. Below is a list of all official McAfee emails used to contact their customers and if the email address you got the message from isn’t among them, chances are that you are dealing with a scammer:

mcafee emails list 1
mcafee emails list 2

Obviously, if you are targeted by a PayPal McAfee billing scam, then the sender will be shown as paypal.com, but you can still use the other mentioned signs to determine it’s a scam.

If you come across an email you suspect is a billing scam trying to impersonate McAfee, you can forward it to [email protected] as a way of reporting it to the antivirus vendor.


About the author

blank

Brandon Skies

Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

Leave a Comment