In the lead-up to New Year’s, subscription scams are landing in people’s email boxes at a frightening rate. With the goal of making off with someone’s identity, cybercriminals are betting they can scam their share of the more than 40% of consumers who click on a link in a phishing email.
Subscription scams are a favorite of malicious actors because they know how to write an email so that it escapes an email server’s spam filters. You’ve probably received some of these “auto-renewal” emails yourself from companies masquerading as Norton, McAfee, Best Buy/Geek Squad, or Microsoft.
And, having received some ourselves, ConsumerAffairs can attest to how authentic they look. But not everyone may be as suspicious as we are and not be able to detect a real one from a fake one. Since much of the phishing action is tied to Norton-related emails, here are some telltale signs you can look for and things you can do to keep from getting fleeced.
Look for these mentions: “Annual Product Membership,” “Norton Total All Round Security,” “URGENT: Your Norton Subscription Expired,” and “Your Order Has Been Received." When fact-checking website Snopes dug into the situation to find out if the Norton emails it received were fake or real, those subject lines or text in the emails were all found to be from fakers.
In its warning, Norton (the real one) emphasizes that use of the word “urgent” is a sign that the email is a scam. If the email sounds threatening in any way, that, too, is a red flag.
Look for “official” Norton email addresses:According to Norton, the only email addresses that should be trusted as being officials are:
norton@secure.norton.com,
norton@nortonlifelock.com,
ems@norton.com,
lifelock@secure.norton.com, and
information@mail.nortonstore.hk (for China)
Before you do anything, confirm the email is legitimate. Never, ever click on any link in an email until you’ve confirmed that it’s legitimate, the Identity Theft Resource Center (ITRC) suggests. And if in fact, the email is a spoof report it as spam, block the sender and delete the email.
Norton suggests the best way to authenticate whether an email is the real deal is to forward it as an attachment to spam@nortonlifelock.com.
Contacting the ITRC and getting their opinion on whether the email is legitimate or not could help, too. Call toll-free by phone (888.400.5530) or live-chat at www.idtheftcenter.org to speak with an expert adviser.
Norton does not ask anyone to send money via PayPal, Venmo, etc.: Norton, LifeLock, or NortonLifeLock will never ask you to wire or send funds through services such as Western Union, PayPal, Venmo, or Zelle, request payment using electronic gift cards or cryptocurrency, or request that someone send a cashier’s check.
“Most requests to do so are likely coming from a hacker or scammer,” Patrick Schwind, VP of Global Consumer Support at Gen, said.
If you call the so-called company, what your BS detector should look for: If you fell for the scam, not all is lost, but you need to move quickly to correct things. The Federal Trade Commission’s (FTC) strongest advice to anyone who calls a number in an email or gets a call from someone who says they’re from Norton -- or any other company -- is to not give your password. It’s rare that a company will require that.
“[But,] if you did give out your password, the FTC says to change it right away, update your computer’s security software, run a scan, and delete anything it identifies as a problem,” Emily Wu, an FTC attorney recommended.