The phony invoice scam is a common scam popular with scammers because it is quite effective.  It starts when you receive an email that purports to be from a popular company with which many of us do business that indicates that you owe them a significant payment.   The scammers count on people being concerned that they are being wrongfully charged for a product they did not order.  You generally are provided a telephone number to call if you dispute the bill. If you call the number, you will be prompted to provide personal information that will be used to make you a victim of identity theft.

This particular email appears to come from Webroot, a cybersecurity software company   As always, the purpose of a phishing email such as this one is to lure you into clicking on links contained within the email or providing personal information, in this case by phone if you call to dispute the phony bill . If you click on links in phishing emails, you end up downloading malware and if you provide the requested information, it ends up being used to make you a victim of identity theft. This particular phishing email provides a phone number to call if you wish to dispute the  phony invoice.  If you call the number in the phishing email you will be asked for personal information that will be used to make you a victim of identity theft.

There are a number of red flags that indicate that this is a scam, mot notably the email was sent from an email address that has no relation to Webroot.  Most likely it is the email address of someone whose email account was hacked and made a part of a botnet used to send out thee phishing emails.

This particular phony invoice came with the Webroot logo at the top of the invoice, but it is a simple matter to counterfeit a logo to make the invoice appear legitimate when it is not.

Here is a copy of the invoice being circulated.

Your order is now confirmed with us. We have installed the security in your PC as per your request and
charged you $394.29. If you didn’t order this security, call us immediately +1 844 487 1154
Transaction ID: SXR63521-521GS52-6695ETTR9652
Our Support: +1 844 487 1154
Order Summary:
Product Type: Personal PC Care
Ac Type: Premium PC Security
Payment: Online Auto Charge
Amount: $394.29
Note: This email confirms that you have bought our services and paid for it. We will notify you before
expiry. Kindly share your feedback with us. We would appreciate your feedback.
Do you need any help regarding this product call our support.
Thank you for choosing us.
Billing Dept.


Once, I received a large invoice from a company with which I do business for goods I did not order, but rather than click on the link provided in the email, I went directly to the company’s website to question the invoice.  When the website came up, the first thing I saw was a large announcement that the invoice was a scam and that many people had received these phony invoices.  If you ever receive a phony invoice such as this and you think that it may possibly be true, don’t click on links or call phone numbers provided in the email.  Rather, contact the real company directly at a phone number or website that you know is legitimate where you can confirm that the phishing invoice was a scam.

Never click on links or download attachments in emails or text messages unless you have absolutely confirmed that they are legitimate and don’t call companies at telephone numbers that appear in the email such as this one.  Instead, if the email appears to come from a legitimate company, you can call them at a telephone number you confirm is legitimate .  The phone number that appears in the bogus invoice is not a phone number of Webroot.

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link.