Phishing Scams and Online Safety

Key takeaways:

• Losses from text scams hit a record high in 2024.
• Victims are losing more money to text scams even though fewer scams are being reported.
• Popular text scams include delivery scams, fake jobs and unpaid tolls.

Text scams keep stealing money from victims.

People reported around $470 million in losses from text message scams in 2024, which is more than five times the $86 million in losses in 2020, according to data from the Federal Trade Commission.

"Since the vast majority of frauds are never reported, this number likely reflects only a fraction of the actual harm," the FTC said.

Losses from text scams have gone up while reports have declined, suggesting that scammers are getting better at stealing more money from victims.

The FTC said these five text scams account for around half of those reported:

1. Package delivery scams

Scammers can pretend to be the U.S. Postal Service or UPS, saying there was an issue with a delivery and link to a fake website to steal credit card details.

Victims have reported having to pay a small "redelivery" fee that is a trick to get their credit card information.

Package delivery scams were the most reported scam in 2024, the FTC said.

2. Job scams

Fake job offers via text messages, often from scammers pretending to be recruiters, have been around for a while.

But the FTC said the job scam has seen new life as a "task scam," which is when fraudsters offer a job to complete repetive tasks, such as rating products or apps.

Eventually, scammers ask victims to send money to finish their tasks and withdraw their fake earnings.

3. Fraud alert scams

Fraud alert scams can appear as text messages warning victims about supposed big purchases they didn't make.

Sometimes they are given a number to call or are asked to reply yes or no to verify a big transaction. Then, they are connected to a bogus fraud department.

"The scammers then pressure people into moving money out of their accounts to supposedly keep it safe, but it really goes to the scammers," the FTC said. "And people who move that money do not get any of it back."

4. Toll scams

Scammers are constantly sending texts that appear to be from legitimate toll collection agencies, such as E-ZPass, Florida's SunPass and San Francisco's FasTrak.

Tolls scams send a text that ask victims to click on a website to urgently pay an unpaid balance, but it is a trick to harvest credit card and even Social Security numbers.

Toll scams have gained in popularity in 2025: The first three months of the year have had back-to-back increases in the number of toll scams sent by text messages from fraudsters pretending to be toll collectors such as E-ZPass, ConsumerAffairs previously reported.

5. Wrong number scams

The wrong number scam isn't as popular but is still tricking victims by pretending to be an innocent mistake, starting with messages like "hello" or "do you want to get coffee?".

But responding can lead to a costly scam after fraudsters try to strike up a fake friendship or romance and then try to rope victims into a bogus investment.

Key takeaways

• Scammers are increasingly using text messages for fraud (smishing): As technology has evolved, so have scams — moving from phone calls and emails to text messages. Smishing scams are now a common way for scammers to reach potential victims.

• Common smishing hooks use urgency, curiosity, or impersonation: Examples include fake job offers, urgent payment warnings, and mysterious or casual messages from unknown senders. These tactics are designed to prompt a response, confirming your number is active.

• Engaging with scam texts can lead to identity theft: Once a scammer knows your number is active and engages you in conversation, they can extract personal details and potentially steal your identity. Official sources like the FTC warn against interacting with unknown texts and emphasize that legitimate organizations rarely communicate sensitive matters via text.

Back in the day, when most people had landlines, scammers relied on the telephone to hook their victims. Some scams – such as the grandparent scam – still rely on a phone but over the years, scams have evolved with technology.

When the internet came along, scammers used email to target victims. Remember the Nigerian prince scam? An email claimed to be from a Nigerian prince who had been overthrown and he need to get millions of dollars out of the country and he would be happy to give you a cut if you would provide your bank information so he could transfer the money.

Common phrases

Lately, scammers are using text messages in what are known as “smishing” scams to connect with victims. ConsumerAffairs has collected some of the most common messages:

• “Hi, how’s it going?”

• “Hello, I’m Sophia from Bonanz. Your background and resume have been recommended by several online recruitment agencies.”

• “Final Reminder: You have an unpaid toll. Failure to remit by April 16, 2025 will result in additional penalties.”

• “I was cleaning out my contacts and found your number. Who are you?”

• “Did you happen to see my message from yesterday?”

• “Hello, I am Lena, a human resources customer service representative of Adjust. Your resume has been recommended by several online recruitment companies.”

• “A pending debit of $1,174 at Target is processed. If you did not initiate it, visit (link).”

The scammers may have a list of phone numbers or they may be dialing numbers at random. But if you respond and start a conversation, the scammer knows it is a working number and will quickly learn your name.

If the contact develops into a conversation, the scammer will learn other things about you – perhaps enough to begin stealing your identity. 

The FTC's advice

The Federal Trade Commission has also been collecting scam texts and cautions consumers that these texts often: 

• Promise free prizes, gift cards, or coupons — but they’re not real

• Offer you a low or no interest credit card — but there’s no deal and probably no card

• Promise to help you pay off your student loans — but they won’t

Scammers also send fake messages that say they have information about your account or a transaction. Scammers might say they’ve noticed some suspicious activity on your account — but they haven’t.

It’s helpful to remember that job recruiters don’t off jobs in a text and if the message is from a number you don’t know, it’s best to delete it without responding.

There has been no shortage of businesses closing their doors lately. So far in 2025, JoAnn Fabrics and Forever 21 have begun liquidation sales as they wind down operations.

As we have reported, scammers are taking advantage of this fact by launching fake websites designed to look like the retailers’ real sites. The problem got so bad for JoAnn customers that the retailer stopped taking online orders, requiring customers to go to a physical location to make a purchase.

We haven’t heard from Forever 21 on this subject, but consumers should expect to see some websites impersonating that company as well. Shopping online for any sale – especially a liquidation sale – requires extra vigilance. 

For starters, make sure the URL is legitimate. The website for JoAnn Fabrics is https://www.joann.com/. Consumers have reported landing on look-alike sites with URLs that have the name JoAnn in them but don’t have the right extension.

Forever 21 has announced sales of up to 60% off, but any deeper discounts should be viewed with skepticism. There have been reports of some fake going-out-of-business websites offering discounts of up to 80%.

Red flags to look for

To avoid fake going-out-of-business websites, consumer advocates offer this advice:

• Verify the website URL

• Go directly to the official website: Avoid clicking on social media ad links. Instead, type the website address directly into your browser.

• Be wary of too-good-to-be-true offers

• When making a purchase, using a credit card for better fraud protection

• Be skeptical of websites that ask for excessive personal information, such as your Social Security number.

Government agencies are renewing their warnings about the “unpaid toll” scam that usually arrives in the form of a text. The text claims the recipient has one or more unpaid tolls and offers a strange way to pay.

In recent years, highway authorities have phased out toll booths with human operators. Today, they use cameras that make contact with a transponder, such as from E-ZPass, that debits the driver’s account.

If a driver doesn’t have a transponder, the camera records the license plate number and sends the driver an invoice through the mail a couple of weeks later. No state contacts drivers by text and demands to be paid in gift cards.

The FBI began issuing warnings about this scam last year, reporting at the time that it had received more than 2,000 complaints. The law enforcement agency now says the scammers appear to be moving from state to state, sometimes posing as E-ZPass.

The FTC’s advice

The Federal Trade Commission has also issued warnings about the scam. In January, the agency warned Americans the scammers are trying to steal both money and personal information.

“Don’t click on any links in, or respond to, unexpected texts,” the FTC said in a statement. “Scammers want you to react quickly, but it’s best to stop and check it out.”

To avoid being victimized by these scams, the FTC offers this advice:

• Don’t click on any links in, or respond to, unexpected texts. Scammers want you to react quickly, but it’s best to stop and check it out.

• Check to see if the text is legit. Reach out to the state’s tolling agency using a phone number or website you know is real — not the info from the text.

• Report and delete unwanted text messages. Use your phone’s “report junk” option to report unwanted texts to your messaging app or forward them to 7726 (SPAM). Once you’ve checked it out and reported it, delete the text.

Banks’ fraud departments have gotten pretty good at identifying questionable credit card purchases. They employ algorithms that compare a purchase to your regular purchases and alert you if something doesn’t seem quite right.

They often communicate by text because of its immediacy. Scammers have picked up on this and have designed scams to mimic these alerts. A common scam message goes something like this:

“Transfer request of $894.49 to_______has been approved. If you didn't authorize, please visit (link) to cancel now.”

A bank customer getting that text might hastily click the link to stop the transfer. By doing so, they might download dangerous malware to their device or end up on a website where they are asked to reveal personal information.

What to do

So, what should a consumer do? As a first step, analyze the text carefully. Is there a telephone number to call? Banks normally provide a telephone number for the customer to call, as well as a yes/no option on the charge.

Then, ask yourself if the bank has any reason to question the charge. Has it ever challenged legitimate charges in the past? If not, why challenge this one?

If you think the message might be legitimate, go to the bank’s website to get the telephone number of the fraud department and call and ask.

Scammers also use the same gimmick to alarm consumers that an expensive purchase has been made with their credit card, sending a message like:

Did you order this?

“ALERT: iPhone 16 Pro has been purchased from your Amazon account. Click here to cancel.”

Again, why would the credit card company not think you ordered the iPhone? People order thousands of them every day.

Instead of reacting and falling into the scammer’s trap, wait a day, then check your account. If the charge doesn’t show up, the message was a scam. 

If by chance the charge is real, call the fraud department immediately and dispute the charge. Credit card companies limit consumers’ fraud liability and so do most banks if you respond within 24 hours.

There is no shortage of schemes that scammers use to target their victims, and the rapid development of artificial intelligence has only increased these threats. But what threat should consumers take most seriously?

A survey conducted by Omdia,  a technology research and advisory group, found that phishing scams remain the most significant security threat for smartphone users, with 24% of respondents reporting that they have fallen victim to these attacks. Phishing, which involves fraudulent texts, emails, or calls designed to deceive individuals into divulging sensitive personal information, continues to be a major concern as cybercriminals seek easy ways to steal from consumers.

The survey, part of Omdia's fourth annual Mobile Device Security Scorecard, was conducted in October 2024 and included 1,572 consumers across the Americas, Asia & Oceania, and Europe. It identified malware and viruses as the second most common security issue, followed by physical theft incidents like pickpocketing and mugging.

In an evaluation of leading premium smartphones, the survey found that Google's Pixel 9 Pro and Samsung's Galaxy S24 outperformed Apple's iPhone 16 Pro and other Android-based devices such as the OnePlus 12, Xiaomi 14, and Honor Magic 6 Pro. Despite their strengths, anti-phishing protection was a weak point across all devices, with none successfully intercepting all phishing texts, calls, and emails.

Android outperformed

The survey determined that all Android devices from Google, Xiaomi, OnePlus, Honor, and Samsung successfully flagged suspected spam calls before users answered, but the iPhone 16 Pro lacked similar voice call protection. Additionally, none of the tested devices fully flagged simulated phishing emails from Gmail as phishing, only marking them as spam when sent from Google's SMTP.

Devices equipped with Google Safe Browsing protections managed to block phishing links from opening, displaying a warning screen and requiring user confirmation to proceed. However, browser performance varied significantly, the survey found.

For example, Samsung Internet effectively blocked most links, including advanced custom URLs, while Xiaomi Mii and OnePlus Internet browsers failed to warn users about known malicious links, highlighting inconsistencies in Android device security.

"The lack of security protection, particularly against the growing threat of phishing attacks, is eroding consumer trust," said Aaron West, senior analyst at Omdia. “A significant 73% of consumers reported reduced trust in their smartphone brand and operating system developer following a security issue.”

Many companies now communicate with their customers using text messages. So it shouldn’t be that surprising that scammers increasingly used text messages to separate people from their money.

But there are ways to tell a legitimate text from a scam by being aware of these four red flags.

Unexpected messages

If you just started a service, the company may send you a text with important information. Because you just started service, the message is not unexpected.

But if you get an unexpected, unsolicited message from a “company,” watch out. It’s likely a scam. Examples include messages purporting to be from your bank saying there has been fraudulent activity in your account or messages claiming to be from a delivery company saying they can’t find you.

Suspicious links

An unsolicited message that asks you to click on a link is doubly suspicious. The sender either hopes to download malware onto your device or wants to send you to a website where you will be asked to enter sensitive personal information.

Grammatical errors

Many scammers are in other countries and don’t have a great command of the English language. Spelling and grammatical errors in an email that is supposed to be from a big company like Microsoft are a dead giveaway.

Unfortunately, with artificial intelligence platforms and translation software, you can’t really rely on this red flag as much as in the past.

Mistaken identity

Scam texts don’t always impersonate a company. Sometimes, they appear to be a confused, regular person.

For example, you might get a text that says “Hey Jack, I dreamed of you last night. How have you been?”

Fight the temptation to reply that you aren’t Jack. The scammer wants two things: to confirm that the number they texted has a live person on the other end, and to engage. They’re counting on lonely people eager to communicate with someone and perhaps, reveal information that could empty their bank account.

The next time something shows up in your email inbox that claims to be from Yahoo!, DHL, Microsoft, Google, or LinkedIn, resist clicking on it. In Check Point Research’s (CPR) latest Brand Phishing Report, those five brands are the ones most frequently imitated by criminals during the last quarter. 

Yahoo became the top brand impersonated in phishing attacks, climbing 23 spots and accounting for 20% of all brand phishing attempts. DHL – which got looped into phishing hell in a “BHL” impersonation scheme – suffered 16% of the attempts. 

Rounding out the Top 10 were Wetransfer (5.3%), Netflix (4.4%), FedEx (2.5%), HSBC (2.3%), and WhatsApp (2.2%).

Guess what – you’ve just won!

CPR said the attacks are pretty much the same lure – emails with subject lines that suggest a recipient has won awards and prize money. In Yahoo!’s case, CPR found the predominant subject line was “YAHOO AWARD” which was sent by senders with names such as “Award Promotion”, “Award Center”, “info winning” or “Award Winning”.

For most people, seeing an email that says they’ve “won” prize money up into the hundreds of thousands of dollars is hard not to give at least some time to. But, the con unfolds very quickly – asking the recipients to send their personal and bank details, claiming this information was necessary to transfer the winning prize money to their account. 

Most of that is same-old-song stuff, but the analysts said that these emails also contained a warning that the recipient – er, victim – must not tell people about winning the prize, because of legal issues. In other words, the scammers are worried that if the victim tells someone about this, that someone might hit ‘em over the head with a big dose of what’s really going on and the victim will stop, and the scammer will walk away with nothing.

The Instagram hook

CPR’s analysts said that the hook scammers were using for Instagram was built on the subject “blue badge form.” Blue badges are the little blue checkmark that appears next to an Instagram account's name in search and on the profile, and means Instagram has confirmed that an account is the real deal presence of the public figure, celebrity, or brand it represents. 

In this case, the scammers are playing up to people who they think would love the status of having a “blue badge.” and the intent of the email is to persuade the victim to click on a malicious link claiming that the person’s Instagram account has been reviewed and approved by Facebook, the owner of Instagram.

The link leads to a form that asks for specific personal details. Once you submit the form, you basically gave what you entered to the cybercriminals behind the campaign.

The Federal Communications Commission (FCC) continues to try making life more difficult for robocallers. In a new proposal, the agency wants to make it a requirement for robocallers to get consumers' permission before delivering a “ringless voicemail” -- a message left in a voicemail without a person's phone receiving a call.

The FCC is not giving up on full implementation of the Telephone Consumer Protection Act (TCPA), which protects consumers from unwanted robocalls, among other things. To date, the agency has done everything from handing out massive fines to companies that try to skirt the rules to forcing major telephone companies to meet the FCC’s mandate on robocall protection.

The latest effort came on Wednesday when FTC Chairwoman Jessica Rosenworcel shared her idea for a ban on ringless voicemails. She said if she could get the full Commission’s buy-in, it would further prove to consumers that the agency is serious about getting robocalls completely out of their lives. 

“Ringless voicemail can be annoying, invasive, and can lead to fraud like other robocalls—so it should face the same consumer protection rules,” Rosenworcel said. “No one wants to wade through voicemail spam, or miss important messages because their mailbox is full. This FCC action would continue to empower consumers to choose which parties they give permission to contact them.”

It’s “All About the Message”

Rosenworcel’s push comes about as a response to a petition filed by All About the Message LLC – a company that an investigation by Fortune found suggests is headed by two people, one of which is involved in a marketing firm that bills itself as a provider of "Ringless Voicemail for Auto Dealers.”

In the company’s petition to the FCC, it claims that “the delivery of a voice message directly to a voicemail box does not constitute a call that is subject to the prohibitions on the use of an automatic telephone dialing system...or an artificial or prerecorded voice that are set forth in the Telephone Consumer Protection Act."

The Chairwoman’s proposed action would define ringless voicemails as “calls” that require consumers’ prior express consent. It would also deny the petition and effectively end any chance that “ringless voicemail” robocalling technology could shift from a regulatory gray area to legal fair game.

Joseph Steinberg recently got an email that appeared to be from Amazon, thanking him for making a purchase on Prime Day.

The email promised him a $50 bonus if he would click a link and post a review about the item. Steinburg, who is CEO of SecureMySocial, a firm that watches out for problematic posts, didn't bite. Writing in Inc. Magazine, he said he recognized it as one of the countless phishing schemes using Amazon's name and logo.

But many others might easily fall for it. If you had not made a Prime Day purchase you might be highly suspicious, but if you did make a purchase -- and millions of consumers did -- you might throw caution to the wind and go for the 50 bucks.

How to protect yourself

So if you are an Amazon customer, how do you protect yourself from all the scams that try to take advantage of that relationship. Amazon gets asked that question a lot, and has a page on its website that explains how to protect yourself.

For example, if you get an email about an order you didn't place, it's not from Amazon. The company would like you to send the email as an attachment to stop-spoofing@amazon.com. Make sure you don't open any attachments or click on any links in the email.

Amazon says other scams use a variety of reasons to ask for your user name and password. Should you turn that information over to a scammer, they can buy all kinds of merchandise on your account, charging it to the credit card you have on file.

Other scams will tell you that it's necessary to update your payment information. By directing you to a spoofed site, made to look like it's part of Amazon, the scammer can steal your credit card information.

Black market websites

There are black market sites on the web where scammers can then sell your user name and password, or your credit card info, for a small amount, such as $50 to $100. The purchaser can then use it to make a major purchase -- maybe more than one -- before the fraud is detected.

If you receive a suspicious email that you think could be from Amazon, there is a very simple way to tell if it is. Simply close the email and use your browser to go directly to Amazon.com.

If the email says you need to update your payment information, click on YourAccount and then Manage Payment options. If you really do need to update your payment information, the website will have that information.

There are other dead giveaways as well. Phishing emails sometimes are filled with typos and misspellings. In a legitimate link, the URL should start with https://www.amazon.com, followed by the code for the particular page on the Amazon site. If you don't see that in the link, then it's not a real Amazon webpage.

Millions of women have received emails from something called the International Women's Leadership Association, or IWLA. The emails give the impression that the organization has reviewed the qualifications of the recipient and decided to invite her to join their business networking group.

In fact, says New York Attorney General Eric T. Schneiderman, the company sent millions of emails without actually reviewing much of anything. The IWLA has agreed to pay a $200,000 penalty -- which was suspended because of the company's financial condition -- and will clean up its recruiting practices.

“Mass email solicitations cannot be used as a proxy for deceptive marketing practices,” said Schneiderman. “Honesty and transparency are the hallmarks of consumer protection, and those same principles must be upheld online.”

Schneiderman said the IWLA's solicitations come in various forms, but they all contained the statement, “it is my distinct pleasure to notify you that, in consideration of your contribution to family, career, and community, you have been selected as a woman of outstanding leadership.”

Schneiderman said the claim that individuals were chosen for membership based on a review of their qualification was false but nevertheless lured more than 100,000 women into signing up for membership over the last three years.

IWLA is a New York corporation with a main office located in Uniondale, New York. Its stated purpose is to provide “women with opportunities to meet, share and collaborate, whether in business or otherwise.” It claims to market its services to women at all stages of their career to help foster their upward mobility. The IWLA claims over 14,000 members who subscribe to its services and receive the benefits and privileges offered by the association.

With the December holiday-shopping season revving into full gear, the world's thieves, fraudsters and malware writers have been doing the same thing. If you have any web-based email accounts, chances are you've been noticing a recent uptick in the number of “order confirmation” messages landing in your inbox – and chances are they're all fraudulent, trying to trick you into loading dangerously nasty malware onto your computer.

Security blogger Brian Krebs went into some detail explaining the technical aspects of the latest batch of emails: those realistic-looking messages, allegedly from Walmart, Home Depot, Costco or similar retailers, will load a spam botnet called Asprox, which Krebs said is “a nasty Trojan that harvests email credentials and other passwords from infected machines, turns the host into a zombie for relaying junk email (such as the pharmaceutical spam detailed in my new book Spam Nation), and perpetuates additional Asprox malware attacks.”

But from a non-technical perspective, all you really need to do is notice that the emails, though professional-looking, are also addressed generically rather than specifically. Almost all dangerous malware or phishing emails do that.

Could apply to anyone

Consider, for example, the fake jury duty or court-appearance notice. If you get such a message, it's always vague enough that it could apply to anybody: “You must appear in court for jury duty.” “You are being sued for lots of money in court.”

Compare that to what a real jury duty or court appearance notice looks like: “Morton Finkleblatt of 37 West Street is ordered to appear in Federal District Court, 1500 Courthouse Plaza.”

Of course, if you actually get a notice it won't look like that, because your name isn't Morton Finkleblatt and you probably don't live at 37 West Street, either. Even if you do, those listed addresses are supposed to mention a city and state, too – specifically, the state where you personally live, and the city hosting the courthouse nearest you. Finally, an actual jury duty or court-appearance notice will come to you printed on paper, arriving in your old-fashioned mailbox.

Of course, that last bit isn't necessarily the case when you buy something from an online retailer: if the seller contacts you, it'll likely be via email rather than snail-mail. But those genuine, non-scammy emails will still include your specific identifying information — real messages from Amazon don't say “Your order has shipped,” they say “Wile E. Coyote, your order of ACME rocket-powered roller skates has shipped.”

The same holds true for Walmart, Home Depot, Target, Costco, and pretty much every legitimate online retailer out there: they might send you emails if you're a customer of theirs, but those emails are addressed specifically to you. And when you get real order-tracking emails or other information about a purchase you actually made, you're not asked to do anything as a result, certainly not asked to click on a link in the email or download some virus-ridden file attachment.

The Federal Trade Commission is warning consumers not to open a bogus email that claims to come from the FTC. The email states it is from the FTC Fraud Department and carries a virus.

"A bogus email is circulating that says it is from the FTC referencing a complaint filed with the commission against the email's recipient," the Commission advises.

The email includes links and an attachment that download a virus. As with any suspicious email, the FTC warns recipients not to click on links within the email and not to open any attachments.

The spoof email includes a phony senders address, making it appear the email is from frauddep@ftc.gov and also spoofs the return-path and reply-to fields to hide the emails true origin, according to the FTC.

"The email includes the FTC seal but contains grammatical errors, misspellings, and incorrect syntax," according to the federal regulators.

The FTC asks recipients of the email to forward it to spam@uce.gov and then delete the document.

The feds promise that emails sent to the spam address will be filed away in the FTCs spam database to assist with future investigations.

Simply opening the email does not appear to cause harm, according to the FTC. However, it is likely that anyone who has opened the emails attachment or clicked on the links has downloaded the virus on their computer, and should run an anti-virus program< the commission warned in a news release.

The virus appears to install a key logger that could potentially grab passwords and account numbers, the FTC said.

More Scam Alerts ...

Your Bank of America card has been automatically enrolled in the Verified by Visa program, one version of the email says. To ensure your Visa card's security, it is important that you protect your Visa card online with a personal password. Please take a moment, and activate for Verified by Visa now.

Verified by Visa is a legitimate service that adds an additional layer of security to online credit card transactions. If your card is part of the Verified By Visa program, anyone using your card must use a password to complete the transaction.

But anyone responding to this email would not be enrolling in the program. Instead, the link in the email would take them to a duplicate site, controlled by the scammer.

There, they would be asked to enter their credit card information, and might even be asked to divulge the kind of personal information that could be used to change the cards billing address, or even steal the card holders identity.

The return address on the email is enroll@boa.com. Bank of America has been a favorite target of phishing scams lately. Security experts say thats because its such a big bank with lots of customers. Recipients of the email who are Bank of America customers are more likely to fall for the ruse than those who arent.

The dead giveaway that this particular email is a scam is the last line: Please note: If you FAIL to update your Visa card, it will be temporarily disabled.

Security experts note that scammers also use fear or pressure tactics to get recipients of their spam emails to comply.

More Scam Alerts ...

Below is a sample letter you can use to demand that CMS (or similar companies) stop placing unauthorized charges against your account. Be sure to send the letter via certified mail, return receipt requested. Don't email or call. It is a waste of time and does not constitute legal notification.

Date

Consolidated Media Services Inc.
2550 Heritage Court, Suite 106
Atlanta, GA 30339
(Write to whatever address appears on your invoice or other communication from the company)

Dear Sirs:

You recently charged my (credit card/debit card/bank account) $xx for services which I did not order and do not wish to receive. I did not authorize this charge against my account. I have not entered into any agreement with you for any products or services. There is no agreement between us and you have not performed any contracted services or delivered any products for which I have contracted.

Demand is hereby made for an immediate refund of all charges levied against my account. Payment in full must be made to me at the address given below within 30 days or further actions may be initiated.

Additionally, you are hereby notified that you are not authorized to levy any charges of any kind whatsoever against any credit card, debit card or bank account controlled by me at any time unless such charge is specifically authorized by me in writing.

Very truly yours,

Your Name
Your Address
Your City, State and Zip

cc: Federal Trade Commission
    Your Credit Card Issuer (include your account number only on the copy sent to the bank.