How to spot the scam in 10 seconds
Look at five signals. If two or more match, it's a scam.
- Sender address. Real McAfee sends from @mcafee.com. Scams use lookalike domains: mcafee-support.com, mcafee-billing.com, mcafeesecure.com, or completely unrelated Gmail/Outlook addresses with "McAfee" in the display name.
- A phone number in the subject line or body. Real billing emails never tell you to call to dispute a charge. Scams always include a "+1-833-xxx-xxxx" or "+1-877-xxx-xxxx" number, which connects you to the scammer's call center.
- Round dollar amount, no tax. "Your subscription renewed for $499.99" or "$399.00". Real invoices show the exact tier you have, taxes if any, and the actual card on file.
- Urgency language. "Auto-debit in 24 hours", "Final notice", "Charge already processed". McAfee gives you days, not hours.
- PDF or image-only invoice attached. The phishing variant hides text inside an image to evade email filters. Real McAfee links you to your account; it does not attach invoice PDFs to first-contact emails.
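The five-signal check above, written as a mail-triage function. This is an added example, not code from the original page or from McAfee. The regular expressions, the signal names and the two sample messages are constructed assumptions based on the examples in the list.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Patterns below are assumptions built from the page's examples, not a vendor rule set.
PHONE = re.compile(r"(?:\+?1[-. ])?\(?\d{3}\)?[-. ]\d{3}[-. ]\d{4}")  # North American format
AMOUNT = re.compile(r"\$\d{2,4}\.(?:00|99)\b")                        # $399.00, $499.99
TAX = re.compile(r"\b(?:tax|vat)\b", re.I)
URGENCY = ("auto-debit in 24 hours", "final notice", "charge already processed")

def signals(msg):
    """Return the set of the five signals that match a parsed email message."""
    hits = set()
    # The From header is forgeable: a mismatch is a signal, a match proves nothing.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != "mcafee.com" and not domain.endswith(".mcafee.com"):
        hits.add("sender")
    text = [msg.get("Subject", "")]
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            raw = part.get_payload(decode=True) or b""
            text.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
        elif ctype == "application/pdf" or ctype.startswith("image/"):
            hits.add("attachment")
    body = "\n".join(text)
    if PHONE.search(body):
        hits.add("phone")
    if AMOUNT.search(body) and not TAX.search(body):
        hits.add("round_amount")
    if any(phrase in body.lower() for phrase in URGENCY):
        hits.add("urgency")
    return hits

def is_scam(msg):
    return len(signals(msg)) >= 2  # the page's threshold: two or more signals

def build(sender, subject, body, pdf=False):
    """Construct a sample message (constructed test data, not a real email)."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content(body)
    if pdf:
        m.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf", filename="invoice.pdf")
    return m

SCAM = build('"McAfee Billing" <billing@mcafee-billing.com>', "Final notice: call +1-833-555-0100",
             "Your subscription renewed for $499.99. Auto-debit in 24 hours.", pdf=True)
LEGIT = build("McAfee <no-reply@mcafee.com>", "Your receipt",
              "Total $39.99 plus tax $3.20. Sign in to your account to view it.")

if __name__ == "__main__":
    print(sorted(signals(SCAM)), is_scam(SCAM), is_scam(LEGIT))
```

An image-only message gives the text checks nothing to read, so the attachment signal is the one that still fires for that variant.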
Why this scam exists
Three reasons it became so widespread:
- McAfee is bundled with millions of new Windows PCs, so naming it in the email gives the message instant recognition.
- Many of those bundled installs are forgotten by the buyer. A "renewal" email looks plausible because the user genuinely doesn't remember signing up.
- The payoff is not the fake invoice; it's the phone call. Once you call, the "support agent" runs a multi-hour social-engineering script that ends with a remote-access install (AnyDesk, TeamViewer) and credit-card harvesting.
What to do right now
- Don't reply, don't call the number, don't click links. Just close the email.
- Verify in your real McAfee account, not via the email. Go to home.mcafee.com directly (type it; don't click anything in the email) and sign in. If a real renewal happened, it will be visible in your account.
- If you have no McAfee account at all, the email is definitely a scam. Mark as phishing in Gmail/Outlook (this trains the filter) and delete.
- Report it to McAfee. Forward the email to [email protected] or [email protected] (both are official McAfee reporting addresses). McAfee also accepts reports through the form at mcafee.com/support. They aggregate reports to push takedowns of the sender domains.
If you already called or clicked
If you spoke to the scammer and gave a credit card: call your bank immediately and have the card cancelled, then dispute any charges. If you let them remote into your computer: assume your machine is compromised, run a full antivirus scan, change your email and bank passwords from a different device, and consider a clean Windows reinstall if you saw the "agent" install software.
A related question: "is McAfee itself a virus?"
It's not. McAfee is a legitimate antivirus from Trellix and Gen Digital, founded in 1987. The reason people search for "is McAfee a virus" is that the bundled-install version pops aggressive renewal notices, slows down older laptops, and is hard to fully uninstall. The behavior feels malware-adjacent even though the software itself isn't malicious. For a guide to removing it cleanly, see the related FAQ below.
Verdict
Unsolicited "McAfee renewal" emails with phone numbers and round-dollar amounts are scams in nearly every case. The fix is boring: ignore the email, verify in your account directly, mark as phishing, move on. If you're seeing them often, your address is likely on a marketing list that's been sold to phishing operators; a disposable forwarding address for low-trust signups helps long term.