McAfee scams are fraudulent messages, pop-ups, and fake invoices that impersonate the McAfee brand to steal money or install malware on your device. They are among the most reported tech-support and billing scams in New Zealand, and they work whether or not you have ever owned a McAfee product. This guide explains exactly how each variant operates, what to do if you have been targeted, and how to protect yourself going forward.
What McAfee Scams Mean for NZ Users
The McAfee name is used as bait precisely because it is globally recognised as a security brand. Scammers exploit that familiarity to create a false sense of urgency — your “subscription has expired,” your device is “infected,” or a payment has been “processed” without your consent. In New Zealand, these scams arrive via email, SMS, browser pop-ups, and even phone calls, and they are not random. Scammers purchase or scrape email lists, target users who have clicked on dodgy ads, or simply blanket-dial NZ mobile numbers.
The Commerce Commission and CERT NZ both log McAfee-branded scam reports regularly. Because New Zealand sits within the Five Eyes intelligence alliance, there is a common misconception that our digital environment is somehow more protected. It is not. Five Eyes is an intelligence-sharing arrangement, not a consumer fraud shield. NZ residents are targeted at the same rate as users in Australia, the UK, and the US — and in some cases more aggressively, because scammers know NZ consumers tend to have higher disposable incomes and lower baseline scam awareness than, say, UK users who have been subjected to years of public awareness campaigns.
The Privacy Act 2020 gives you rights around how your personal data is collected and used, and a successful scam that harvests your credentials or financial details is a breach of those rights — but enforcement after the fact is cold comfort. Prevention is the only reliable strategy.
How McAfee Scams Work
There are four main variants in active circulation in 2026. Understanding each one is the fastest way to stop yourself from falling for them.
The Fake Renewal Invoice
You receive an email — often from a Gmail or Outlook address dressed up to look official — stating that your McAfee subscription has auto-renewed and that NZ$299–$499 has been charged to your card. The email includes a phone number to “cancel” the charge. When you call, a scammer posing as McAfee billing support walks you through installing remote-access software (commonly AnyDesk or TeamViewer) so they can “process your refund.” Once inside your machine, they access your banking app, steal credentials, or lock files for ransom. The invoice itself is a fabrication — no charge has been made — but the panic it induces is real.
The Browser Pop-Up Warning
A full-screen browser alert appears, often mimicking a Windows Security or McAfee interface, claiming your device has been infected with a trojan or that your McAfee licence has lapsed. The pop-up plays an audio warning and displays a phone number. This is a scareware technique. The page is typically hosted on a compromised or newly registered domain and uses JavaScript to prevent you closing the tab. No scan has occurred. Your device is almost certainly fine. The goal is to get you on the phone.
The Phishing Email with a Malicious Link
A more technically sophisticated variant sends an email that closely mimics genuine McAfee branding — correct logo, colour scheme, footer disclaimers — with a link to “manage your account” or “download your receipt.” The link leads to a credential-harvesting page that captures your email address and password. If you reuse passwords (and most people do), that single capture can compromise your banking, email, and social media accounts simultaneously.
The Refund Overpayment Scam
This variant targets people who have already engaged with a scammer once. The caller claims McAfee owes you a refund and asks you to log into your internet banking so they can “transfer” the money. Using the remote access they have already established, they manipulate the banking interface to make it appear a large sum (say, NZ$3,000) has been deposited by mistake, then demand you send it back via gift cards or wire transfer. No deposit was ever made — they simply altered what you could see on screen.
NZ-Specific Considerations
ISP and Network Context
If you are on a Chorus fibre connection through Spark, One NZ, or 2degrees, your ISP does not filter scam domains by default, though Spark’s Family Shield and similar parental-control DNS services will block some known malicious domains. These filters are not comprehensive and are not a substitute for browser-level protection. Hyperfibre connections at 2Gbps or 4Gbps do not inherently offer any additional security — speed and security are orthogonal.
New Zealand’s Telecommunications Act requires ISPs to cooperate with lawful interception requests but imposes no obligation on them to proactively block scam infrastructure. CERT NZ operates a takedown coordination service and can request that NZ-hosted scam domains be suspended, but most scam infrastructure is hosted offshore — in the US, Eastern Europe, or Southeast Asia — which limits domestic enforcement options.
The Five Eyes Factor
Some users assume that because NZ is a Five Eyes member, scam calls from overseas are more easily traced and prosecuted. In practice, the Five Eyes arrangement focuses on national security intelligence, not consumer fraud. Scam call centres operating from India, the Philippines, or Eastern Europe are outside the practical reach of NZ law enforcement unless there is a formal mutual legal assistance treaty (MLAT) request, which is resource-intensive and rarely pursued for individual cases below a significant financial threshold.
NZ Streaming and Software Subscriptions
Scammers have begun tailoring fake invoices to NZ-specific services. Alongside McAfee, you may see fake renewal notices for Neon, Sky Sport Now, or TVNZ+ subscriptions. The technique is identical — a fake charge, a phone number, a remote-access request. Be equally sceptical of any unsolicited billing notification, regardless of the brand name on it.
How to Respond If You Are Targeted
- Do not call the number. Any phone number in an unsolicited email or pop-up should be treated as hostile. If you genuinely need to contact McAfee, find the number on the official mcafee.com website by typing the address manually.
- Close the browser tab. If a pop-up has locked your browser, press Ctrl+Alt+Delete (Windows) or force-quit the application (Mac). You do not need to call anyone. Restarting the browser without restoring the previous session clears the page.
- Do not install remote-access software. No legitimate company — McAfee, your bank, Spark, or anyone else — will ask you to install AnyDesk, TeamViewer, or UltraViewer to process a refund or fix a problem.
- Check your actual subscriptions. Log into mcafee.com directly to verify whether you even have an active subscription. Most people who receive these scam emails have never purchased McAfee software.
- Report to CERT NZ. File a report at cert.govt.nz. This takes five minutes and contributes to the national picture of scam activity. CERT NZ can also provide tailored advice if you have already been compromised.
- Contact your bank immediately if you have provided financial details or allowed remote access. NZ banks have dedicated fraud teams and can freeze transactions, reverse recent payments in some cases, and flag your account for monitoring.
- Change passwords for any accounts you accessed while a scammer had remote control of your device, starting with your email and banking credentials.
Best Tools to Protect Yourself
The irony of McAfee scams is that the solution is not necessarily McAfee software — it is a layered approach using tools that address the actual attack vectors.
DNS-Level Filtering
Switching your DNS resolver to a service that blocks known malicious domains is one of the highest-impact, lowest-effort changes you can make. Cloudflare’s 1.1.1.2 (malware-blocking variant) and Quad9 (9.9.9.9) both maintain threat intelligence feeds that flag scam and phishing domains. These are free, work on any NZ connection, and require no software installation — just a change in your router or device network settings. On a typical Chorus fibre connection, the latency impact is negligible.
Browser Extensions
uBlock Origin (free, open source) blocks the ad networks and redirect chains that deliver scareware pop-ups. It is available for Chrome, Firefox, and Edge. Malwarebytes Browser Guard adds a layer of phishing-site detection on top. Neither replaces a full security suite, but together they eliminate the majority of the pop-up scam delivery mechanism.
Email Filtering
If you use Gmail or Outlook, their built-in spam filters catch many fake McAfee invoices, but not all — particularly when scammers use newly registered domains or compromised legitimate accounts. Enabling two-factor authentication on your email account is non-negotiable. If a phishing email does capture your password, 2FA prevents the attacker from accessing your account.
A VPN’s Role (and Its Limits)
A VPN encrypts your traffic and masks your IP address, which has genuine privacy value — particularly relevant given NZ’s Five Eyes membership and the data-retention provisions that can apply to NZ ISPs. However, a VPN does not block phishing emails, prevent you from calling a scam number, or stop you from installing remote-access software. It is one layer in a stack, not a complete solution.
That said, some VPN providers include threat intelligence features — Mullvad’s DNS blocking, NordVPN’s Threat Protection, and ExpressVPN’s Threat Manager all filter known malicious domains at the VPN layer. If you are already using a VPN for privacy reasons, enabling these features adds meaningful protection against the browser-redirect and phishing-link variants of the McAfee scam. For a full evaluation of which providers perform best from NZ connections, see our best VPN guide. If cost is a concern, our free VPN guide covers which no-cost options are actually trustworthy and which introduce more risk than they remove.
Legitimate Antivirus Software
If you want a paid security suite, the options worth considering in 2026 include Bitdefender, ESET, and Malwarebytes Premium. Windows Defender (built into Windows 10/11) is also substantially more capable than it was five years ago and is a reasonable baseline for users who do not want to pay for a third party. The point is not that McAfee software is bad — it is that the scam exploiting its name is entirely separate from any software decision you make.
Comparison: Protection Tools for NZ Users
| Tool | Type | Cost (NZD approx.) | Blocks Phishing Domains | Blocks Pop-up Scareware | Protects Against Remote Access Scam |
|---|---|---|---|---|---|
| Cloudflare 1.1.1.2 DNS | DNS resolver | Free | Yes (known domains) | Partial | No |
| Quad9 DNS | DNS resolver | Free | Yes (known domains) | Partial | No |
| uBlock Origin | Browser extension | Free | Partial | Yes | No |
| Malwarebytes Premium | Security suite | ~NZ$70–90/yr | Yes | Yes | Partial (detects RAT installs) |
| Bitdefender Total Security | Security suite | ~NZ$100–130/yr | Yes | Yes | Partial |
| VPN with threat protection (e.g. Mullvad, NordVPN) | VPN + DNS filtering | ~NZ$100–180/yr | Yes (at DNS layer) | Partial | No |
| Windows Defender (built-in) | Antivirus | Free | Partial (SmartScreen) | Partial | No |
Key takeaway: No single tool blocks every variant of the McAfee scam. The remote-access scam in particular relies on social engineering — convincing you to take an action — which technology cannot fully prevent. Human awareness is the critical last line of defence.
FAQ
I received an email saying McAfee charged me NZ$349. Should I call the number?
No. This is almost certainly a fake invoice scam. Check your actual bank statement — if no charge appears, delete the email. If a charge does appear, contact your bank directly using the number on the back of your card, not any number in the email. McAfee does not send unsolicited invoices for subscriptions you did not initiate.
A pop-up on my computer says I have a virus and to call McAfee immediately. What do I do?
Close the browser. If the tab will not close, force-quit the browser application entirely (Task Manager on Windows, Cmd+Option+Esc on Mac). Do not call the number. Restart your browser without restoring the previous session. Run a scan with Windows Defender or Malwarebytes to confirm your device is clean — it almost certainly is, because the pop-up itself is the scam, not a symptom of infection.
I already called the number and gave them remote access. What now?
Disconnect from the internet immediately by unplugging your ethernet cable or turning off Wi-Fi. Contact your bank’s fraud line right away — have them review recent transactions and consider freezing your account. Change all passwords from a separate, clean device. Report the incident to CERT NZ at cert.govt.nz and to the Police via 105.police.govt.nz. If the scammer installed software, have a technician or IT-literate person check your device before reconnecting it.
Does the Privacy Act 2020 give me any recourse if I was scammed?
The Privacy Act 2020 governs how organisations collect, store, and use personal information about New Zealanders. It gives you the right to request access to your data and to complain to the Privacy Commissioner if an organisation mishandles it. However, it does not directly apply to offshore criminal scam operations. Your practical recourse is through your bank (for financial recovery), the Police, and CERT NZ. The Privacy Commissioner’s office is the right avenue if a legitimate NZ business mishandled your data in a way that contributed to your exposure.
Is McAfee software itself safe to use?
Yes. McAfee (now rebranded as Trellix for enterprise products, with the consumer brand continuing as McAfee) is a legitimate security company. The scams described in this article are criminal operations that misuse the McAfee name — they have no connection to the actual company. Whether McAfee’s consumer software is the right choice for you is a separate question based on features, price, and performance, not safety.
Can a VPN stop me from receiving McAfee scam emails?
No. A VPN encrypts your internet traffic and changes your visible IP address, but it does not filter your email inbox. Scam emails are delivered through your email provider’s servers, not through your internet connection in a way that a VPN intercepts. Some VPNs with built-in DNS threat protection will block phishing websites if you click a malicious link, but the email itself will still arrive. Email-level protection comes from your email provider’s spam filters and from your own scepticism.
Are these scams more common on certain NZ ISPs?
No — the scams arrive via email and phone, not through ISP infrastructure, so your choice of Spark, One NZ, 2degrees, or a smaller regional provider makes no difference to your exposure. The one ISP-level variable is whether your provider offers optional DNS filtering (Spark’s Family Shield, for example). These services block some known malicious domains but are not comprehensive. Regardless of your ISP, configuring your own DNS resolver (Cloudflare or Quad9) gives you more consistent and up-to-date protection.
Bottom Line
McAfee scams are a persistent and well-organised threat to NZ consumers, and they succeed not because of technical sophistication but because they manufacture panic effectively. The fake invoice, the scareware pop-up, the phishing link, and the refund overpayment scam all follow the same playbook: create urgency, offer a phone number, and use that call to gain access to your money or your device. The defence is equally straightforward — never call an unsolicited number, never install remote-access software at a stranger’s request, and verify any billing claim directly through the official website. Layer that awareness with DNS-level filtering, a reputable browser extension like uBlock Origin, and two-factor authentication on your email and banking accounts, and you have addressed the vast majority of your risk. If you have already been targeted, report to CERT NZ and contact your bank without delay. The tools exist, the guidance is clear, and the scam only works if you engage with it.
