McAfee is one of the most impersonated cybersecurity brands in the world, and attacks using its name have more than doubled in the first half of 2025 alone. The reason scammers keep coming back to McAfee is straightforward: the name is associated with protection, and that association creates exactly the kind of fear and urgency they need. A convincing email claiming your security software has auto-renewed for $400 will get attention. Getting you to call a phone number is all they need.
This guide explains how the scam actually works, how to identify a fake McAfee email, and what to do if you have already been caught out.
How McAfee scams work
Most McAfee scams follow one underlying pattern regardless of how they are dressed up:
Create alarm - a fake invoice, virus warning, or security alert creates fear or urgency
Provide a contact point - a phone number or link is offered to "resolve" the problem
Steal or harvest - the contact point connects to a scammer who takes credentials, money, or remote access to your device
The email is the delivery mechanism. The phone call is where the crime happens. Once you are on the phone with a fake McAfee support agent, they will either walk you through steps to "process a refund" while asking for your banking details, or persuade you to install remote access software like AnyDesk or TeamViewer so they can control your device directly. With that access, they can reach banking apps, transfer funds, and harvest credentials in minutes.
Understanding this matters, because it changes how you respond. You do not need to verify whether the email is real before ignoring the phone number in it. The right response is simply: never call a number in an unexpected email.
Common McAfee scam types
Fake subscription renewal email
The most widespread variant by a significant margin. You receive an email claiming your McAfee subscription has automatically renewed and a charge has been applied, typically between $249 and $500. The email includes a convincing fake invoice number and transaction ID, and provides a phone number to "cancel" or dispute the charge.
Documented amounts currently in circulation include $249.99, $299.99, $419.00, $460.11, and $499.99. None of these correspond to actual McAfee subscription pricing.
The number in the email does not connect to McAfee. It connects to a scammer.
Fake browser virus alert
A browser pop-up mimics the McAfee interface and claims a critical virus has been detected on your device, often named as a Trojan or a well-known threat. A button labelled "Remove Threat Now" either downloads malware or redirects to a phishing page. Some versions lock the browser window and display a helpline number prominently.
The tell: legitimate security software never delivers warnings through browser pop-ups asking you to call a number. Browsers cannot scan your device. The pop-up is a visual trick.
Malware-laced attachment
Fake PDF invoices or receipts arrive as email attachments. Opening the attachment installs malware that gives the attacker persistent access to your device or enables data theft. No phone call is needed: the attachment is the payload. Even a PDF that looks like an ordinary document can carry malicious code.
Tech support impersonation
An unsolicited phone call arrives from someone claiming to be McAfee (or Microsoft) support, often following up on a scam email the victim has already received. The goal is to install remote access software on your device. Once connected, the scammer can access banking apps, observe credentials as you type them, or transfer funds while keeping you occupied with a fake "diagnostic" process.
Fake login page
A counterfeit version of the McAfee website, designed to capture your username and password, reached via a link in a phishing email or a fake browser alert. Lookalike domains in active use include mcaffee.com (double f) and variants such as mcafee-security-alerts.com. Hovering over a link before clicking reveals the actual destination URL.
How to spot a fake McAfee email
Check how it addresses you. McAfee uses your full registered name. An email that opens with "Dear Customer," "Dear User," or "Valued Client" was sent by a scammer using a bulk list, not by McAfee's systems.
Look at the sender address, but do not stop there. Legitimate McAfee emails come from @mcafee.com. However, scammers can spoof the display name so it appears to say "McAfee Security" while the actual address is a Gmail account or a lookalike domain. Look at the full address, not just the name shown.
Be suspicious of any unexpected charge, especially large ones. Real McAfee subscription renewals match the plan you signed up for. An invoice for $400 or more from "McAfee" that you were not expecting is not a billing notification. It is a fabrication.
Never call a phone number provided in the email. This is the single most important rule. If you need to contact McAfee, use the number listed at mcafee.com, which you navigate to directly in your browser. Numbers in unexpected emails connect to scammers.
Do not open unexpected attachments. A PDF from a company you were not expecting contact from should not be opened. Even if it looks like a standard document, it may not be.
Hover over links before clicking. The URL that appears when you hover reveals the actual destination. If it does not go to mcafee.com, do not click. You can also paste any suspicious link into ScamInfo's ScamCheck Validator, which checks it for fraud indicators without requiring you to visit the site.
Watch for manufactured urgency. Phrases like "act within 24 hours," "your account will be suspended," or "your device is at risk" are pressure tactics. Scammers create false deadlines because they need you to react before you think.
What McAfee will never do
Address you as "Dear Customer" or "Dear User"
Send unsolicited invoices for subscriptions you did not initiate
Ask you to call a phone number in an email to cancel a charge or receive a refund
Request remote access to your device via email or pop-up
Ask for your password, banking details, or full card number by email
Deliver security warnings through browser pop-ups asking you to call a number
Send emails with unexpected attachments
What to do if you receive a suspicious McAfee email
Do not call any number in the email and do not click any links. Forward the email to phishing@mcafee.com and mark it as spam in your email client.
If you want to verify your actual McAfee account status, go to mcafee.com directly by typing it into your browser. If there is no corresponding notification in your account, the email is fraudulent.
If the email contained a link and you are unsure whether it is legitimate, you can check it through ScamInfo's ScamCheck Validator before visiting the site.
What to do if you already called the number
Your next steps depend on what happened during the call.
If you gave banking or card details: Call your bank immediately. Explain that you may have provided details to a scammer and ask them to freeze the account or card and dispute any unauthorised transactions. Speed matters here.
If you installed any software: This is the most serious situation. Software such as AnyDesk, TeamViewer, or QuickSupport gave the scammer direct control of your device. Disconnect from the internet immediately, then run a full malware scan. Change passwords for your email, banking accounts, and any other services you were logged into on that device, doing so from a separate clean device if possible. Notify your bank regardless of whether money has moved, because the scammer may have observed account credentials during the session. If you are not confident the device is clean, a factory reset is the safest option.
If you only spoke with them and gave nothing away: Change your passwords as a precaution, particularly for email and financial accounts, and monitor your bank statements over the following weeks.
How to report a McAfee scam
Where How McAfee phishing emails Forward to phishing@mcafee.com Fake McAfee websites Report to abuse@mcafee.com FTC (US) ReportFraud.ftc.gov FBI IC3 ic3.gov (for financial loss or remote access incidents) Anti-Phishing Working Group Forward the email to reportphishing@apwg.org ScamInfo Report through ScamInfo's reporting dashboard