Ask a Tech
Exposing the refund scam: How scammers trick you into sending money
This is the first instalment in my series breaking down common scams. I'll be covering various types of scams throughout this series, leading up to the most troubling scam of all — the one where they convince you to send them money.
Hold tight - we’re checking permissions before loading more content
Today, we’ll discuss and expose the refund scam, look at how scammers can trick you into sending money, highlight some red flags to look out for, and summarise with some key points.
How it works
The so-called ‘refund scam’ typically begins when you receive an email claiming there has been fraudulent transactions on your account. The email might refer to PayPal, a credit card, or another banking service, and it typically provides a phone number for you to call. When you call the number, you are connected to the scammer’s call centre.
The scam escalates when the scammer tries to gain access to your computer. They often use remote-access software, such as AnyDesk, which allows them to view your screen. In some cases, they may direct you to a website that facilitates remote connections, but unlike AnyDesk, this method can keep them connected even after the call ends.
Red flag: Legitimate companies, like PayPal, would never ask for remote access to your computer to issue a refund. They would simply advise you to contact your bank for further assistance.
Once the scammer gains access to your computer, they will ask you to log into your bank account. This allows them to see how much money you have in your account. In this example, hypothetically, they might see that you have $10,000. The scammer will explain that the fraudulent charge won't appear right away, claiming it could take up to 24 hours to reflect in your account.
Red flag: Any legitimate payment or transaction usually shows up quickly, often as a pending charge.
The scammer will then guide you to a refund form or to open a program on your desktop, such as Command Prompt, and ask you to confirm your details. As you enter the information, they monitor everything you input. When you specify that you are expecting a refund of $100, the scammer will claim that there has been an error, stating that you accidentally entered $10,000 instead. The scammer will then act distressed, insisting that this is a major mistake and could cost them their job, hoping to evoke sympathy from you.
They will then ask you to hold the line while they "contact their manager" to discuss the supposed error, a tactic meant to heighten the urgency and make the situation feel more legitimate. At this point, they will lock your screen with a message like "Your computer is updating, please wait", which makes it seem like a legitimate system task. In reality, this is done to prevent you from seeing what they are doing on your computer.
While your screen is locked, they will manipulate the HTML code on your bank’s website using developer tools. These tools allow them to temporarily change the way your account balance is displayed. For example, if your account originally shows $10,000, they might alter the page to display $20,000. However, these changes are only visual and will disappear if you refresh or close the browser.
The scam relies on these fake changes to convince you that they’ve mistakenly refunded you too much money, prompting you to "return" the extra $10,000, which in reality would be real money sent to the scammer.
Changing the code on your screen does not interact with your bank account at all — it's purely a visual illusion. It's similar to a magician’s sleight of hand, designed to deceive you and keep you distracted while they prepare for their next move. The altered numbers you see are not real, and the scammer uses this trick to make you believe that money has been refunded or transferred when, in reality, nothing has changed in your account. This tactic is solely meant to manipulate and confuse you, setting up their next step in the scam.
When they unlock your screen, your account will appear to show a successful refund of $10,000, which they claim was mistakenly processed.
Red flag: If they claim that legitimate charges take 24 hours to appear in your account, why did their "refund" show up immediately?
If you start to question the situation or suspect something is wrong, and confront the scammers, they have one more trick up their sleeve. They will lock your screen again and modify the HTML code to make it appear as though your account balance is now $0. At this point, they will become aggressive, claiming they have drained your account and demand that you follow their instructions to "refund" the supposed overpayment.
Red flag: If they can drain your account in seconds, they could have easily processed or reversed the refund themselves.
At this point, the best thing you can do is to immediately hang up and shut down your computer. This will cut off the scammer’s connection to your device. Next, contact your bank right away to inform them that you may have been scammed and that someone accessed your account while you were logged in.
Additionally, do not turn your computer back on until you’ve taken it to a professional. They can check your system and remove any remote-access software that the scammer may have installed.
Key takeaways:
- Legitimate companies will never ask for remote access to your computer to issue refunds. Always verify the legitimacy of the request.
- Be cautious of urgent claims of mistaken refunds and requests for large sums of money to be returned. Always confirm with your bank before taking any action.
- Watch out for scammers using fake transaction errors or manipulated account balances to pressure you into sending money.
- If something feels off, end the call and shut down your computer immediately to cut off the scammer's connection.
- Always contact your bank directly if you suspect fraud, and never follow instructions to "refund" or send money without verifying the situation with your financial institution.
- Get your computer checked by a professional after a scam attempt to ensure no malicious software remains on your device.
As always, if you enjoyed this article or have any questions or story suggestions, feel free to reach out to me at askatech@mmg.com.au
There are no silly questions — I'm here to help and educate readers every step of the way.