(615) 443-4842

Merry Christmas! It’s time for Black Friday ads, and great prices. Your inbox is filling with sales ads and…What? a subscription renewal to Norton for $269.25? I don’t have Norton. Hmmm, it says they already renewed and the funds were withdrawn from my account.

One of my clients called and forwarded this email to me this past weekend saying she would call to cancel since they already have Webroot through me. I immediately contacted her and told her it was a phishing scam, DO NOT CONTACT THEM.

Although there are no misspellings present, there are Red Flags that I placed in brackets in the email below.

 

  1. The email is from a Gmail account, not from Norton.
  2. The To: email is a Gmail group account not the individual.
  3. The product is not something you purchased.
  4. Although there says there’s an amount debited from your account, it does not say what account. If you check your accounts, no amount will match.
  5. They give you a number to call that does not match the number on the official company site. A trick is you can type the number into your browser and see if a real company is tied to it. If you don’t see a specific listing, it is most likely not a legitimate phone number
  6. Norton won’t even give out the phone number on their site for fear it will be spoofed: This link will get you close to the number, but you have to put in your information first: Norton Phone Support
A copy of our correspondence is below:
——————————————————————————————————————–
Fwd: Thank You For Your OrderExternal
Inbox
Doe A Deer (Name changed)
Dec 1, 2021, 8:14 AM (1 day ago)
To me

Hi Jim! I am thinking that I do not need this recurring charge from Norton since you always take care of our Webroot subscription. I will contact the Norton billing office and stop this but wanted to check with you first just to be sure. Thanks! Doe A Deer

———- Forwarded message ———

[ From: Madeleine Vuttuler <madeleinevuttler6272@gmail.com> ]
Date: Wed, Dec 1, 2021 at 7:50 AM
Subject: Thank You For Your Order

[ To: <nortonlifelock84@gmail.com> ]

Dear User,
Your 1 Year of N0RT0N Antivirus Subscription has been successfully
renewed and updated.
 The on account payment will be shown soon within next 2 to 4 hours on
your Account Declaration
PRODUCT INFORMATION
[ Invoice ID               :  ILHSIH4554SLK ]
[ Item Name               : N0RT0N Total 360 ]
Command Date           : 1st December 2021
InActivation Date           : One Year from the Date of Purchase
[ Sum                     : 269.25 USD ]
[ Payment Mode            :  Auto-Debit ]
If you want to claim a REFUND then please feel free to contact our
Billing Department as soon as Possible.
You can reach us on [ +1 ( 8 5 5 ) – ( 6 0 4 ) – ( 8 2 0 3 ) ]
Regards,
Billing Department

———————————————————————————————————

The way the email is written is to raise an emotional response from the reader.

  • I don’t use this product!
  • Give me my money back!
  • You bet I’ll call you and chew you out!

This is exactly what the scammers want. When you call:

 

  1. The person on the other end of the call will be polite but probably hard to understand.
  2. They will ask you for the account number you think it came from and will need the following information to check it out: either your credit card number for which they’ll need the full account number, the expiration date month/year, the CVV 3 digit number and your name and address the card is tied to.
  3. Bank account number, with the routing number and checking account number.
  4. They may ask again what the amount was for.
  5. They will verify the information you gave them and say your account will be credited.

What you just did was give the phishing team all the information needed to steal your identity and rack up charges on your account, open fake accounts in your name and destroy your credit rating.

If you call the number back, no one will know anything or the phone number will be disconnected.

We stopped this phishing attempt. Others are similar in scope. If you’re not sure, feel free to call or forward the email to us and we’ll let you know. We’d rather you not get into a mess than have to get you out of one.

One more step, if you want to fight back:

How To Report Phishing

If you got a phishing email or text message, report it. The information you give can help fight the scammers.

Step 1. If you got a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org. If you got a phishing text message, forward it to SPAM (7726).

Step 2. Report the phishing attack to the FTC at ReportFraud.ftc.gov.

All the best and stay well,
Jim Nay

Pin It on Pinterest