Skip to main content

These days criminals will try anything to scam you out of your hard-earned money. The scam below was recently reported to us by a Webroot user and we have had a few additional calls about it as well. 

It’s simply an email with a fake invoice receipt that appears to come from an email address posing as Webroot.  

The invoice has a phone number with an +1 833-area code to call in case of any questions (which of course you will have if you think $499.99 has been automatically charged to your credit card)! 

The scam is simple: 

  • You call the number and dispute the charges.  

  • The scammer at the other end of the line says, YES it’s a mistake in Webroot’s systems, sorry etc. 

  • They can refund you right away, can you provide your credit card information in order to reverse the charges.  

  • They use your credit card details to do their worst with your money! 

Unfortunately, it’s one of thousands of phishing scam attacks we see each day through Webroot’s BrightCloud Threat Intelligence service, and we are aware of this and many other fraudulent Webroot websites and phone numbers on the internet.  

Check out this article for more information on these types of scams and what you can do to be better educated on them. 

Like the other phishing emails and associated URLs and IP addresses, this information is identified, analyzed and classified by Webroot BrightCloud Threat Intelligence. Once it is added to our database, our community of Webroot users are protected automatically.

The thing to remember is not all phishing attacks and scams need you to click on a link. In this case it’s calling a toll-free number beginning with the US area code of 833. As this article discusses, the 833 area code is often associated with malware and should ALWAYS be treated as suspicious. 

For more information and tips on how you can stay safe from scammers this holiday season, be sure to visit the Webroot blog.

As I buy through a distributer in the UK, I know what top expect payment wise, but, if you had someone else not familiar with renewals etc, then they could get caught out easy enough. Worth mentioning this to staff and clients in case they they think they have to pay!!


Thanks for the heads-up.  Fortunately, we haven’t seen this yet.


Good heads up, however we have seen this with clients before.


Not surprising, I have received a number of emails and phone calls like that. I have three suggestions: 

1). Wait for the second notice, then go check your credit card (or bank account) balance on-line BY ENTERING THE ADDRESS OF THE BANK OR CREDIT CARD COMPANY BY HAND! Do not click on links.  If the charge is not on your card or bank statement by the second notice, these are scams.

2). My credit card company, and a number of others now offer “virtual card numbers.” I use Capital One. When I buy on-line, a Chrome extension (sorry Apple users, no extension for Safari yet) from Capital One will open a tiny window to allow you to log into your credit card account where you can look up or  generate a virtual credit card number. That new number is only valid at that merchant’s website. It is useless anywhere else. In addition, if you think someone is scamming that number, you can lock it without having to turn off your whole card.  Even if you mistakenly give out that number, it is mostly useless to hackers unless they want to buy a lot of things from that merchant.

3). Do not call the number in the invoice, do not reply to the email, do not click on any links. Go look up the company contact info on-line. if it does not match, it is most likely a scam. But I suggest you call that company anyway. Let them know the scam is happening so they can be ready as well, or tell you it is real and handle it on a call you looked up and initiated. 

But what I tell clients is be a skeptic. Typically, most companies will not call you or email you to say you are over due. And if they do,  look up charges on your card, call the company, and be proactive in check from outside the source of the notice. 


$500 is an amount for scammers to specifically target people.

Its not that difficult to guess invoicing addresses (accounts@ invoices@ bills@ etc)  for companies and simple web searches would probably bring up companies who sell Webroot.  Fake invoicing is much worse when it looks exactly like the original but with changed payment details, so this example is not actually that good, However its always great to remind everyone (however clued up they may be) that scammers are targetting them or their field of work.