Cybercriminals are increasingly impersonating antivirus giant McAfee in phishing campaigns designed to trick victims into handing over financial information, downloading malware, or contacting fraudulent support services. The scams typically arrive as urgent subscription renewal notices claiming a device is no longer protected or that an antivirus plan is about to expire.
According to consumer protection experts, the emails are carefully crafted to create panic. Many warn recipients that their computers are vulnerable to viruses, malware, or other cyber threats unless they immediately renew their subscription. Some messages advertise steep discounts of up to 89% for same-day renewals, while others claim an automatic payment is about to be processed unless action is taken.
The goal is not to sell legitimate antivirus software. Instead, scammers attempt to lure victims to fraudulent websites that collect payment card details, login credentials, and other sensitive information. In some cases, the emails include phone numbers that connect victims directly to fake technical support operators posing as McAfee representatives.
Researchers say the campaigns have become increasingly sophisticated, with criminals using AI-generated content to create more convincing emails and websites. Improved grammar, realistic branding, and personalized messaging make it harder for recipients to distinguish fraudulent messages from genuine communications.
McAfee has warned customers that it never asks users to call phone numbers contained in unsolicited emails or text messages. The company advises customers to verify subscription status by visiting its official website directly rather than clicking links included in messages.
Several warning signs can help identify the scam. Fraudulent emails often originate from unrelated or suspicious sender addresses, contain unusual formatting errors, create a false sense of urgency, or include links leading to domains that are not associated with McAfee. Security experts also caution against clicking unsubscribe links contained in suspicious emails, as these can redirect users to phishing sites.
More advanced variants go beyond phishing. Some fake renewal notices instruct recipients to call a support number to cancel a supposed charge. Victims who make contact may be persuaded to install remote-access software, giving scammers control of their computers and access to personal files, stored passwords, banking information, and email accounts.
Anyone who receives a suspicious renewal notice should avoid clicking links, opening attachments, or calling phone numbers listed in the message. Suspected phishing emails can be reported to McAfee and flagged through email providers’ spam and phishing reporting tools. Individuals who have already provided financial information should contact their bank immediately and monitor accounts for signs of unauthorized activity.