Have you received an email stating that your NortonLifeLock subscription is due to renew today and that a specific amount will be deducted from your bank account? The email might even claim that the transaction has already occurred and ask you to call the provided number to reverse it.
It’s a scam, and no money has been or will be deducted from your account by Norton. So, how exactly does this scam work? What can you do to avoid falling victim to it? And if you ever fall prey to scammers’ traps, what should you do next?
What Is the NortonLifeLock Subscription Renewal Email Scam?
The NortonLifeLock subscription renewal scam is an email scam in which cybercriminals send a fake notification email to recipients about the renewal of an antivirus system. They present the email as official notification from NotronLifeLock, a cybersecurity software company.
The scammers add a fake custom ID, invoice number, and renewal date to make the email appear genuine. From the official logo to the professional-looking email design, cybercriminals make the email appear authentic.
Besides that, scammers also include a fake invoice and mention a NortonLifeLock subscription that will be renewed within 24 hours. In rare instances, they may also inform their targets that the subscription has already been renewed and their account has been debited.
After making victims panic, scammers instruct them to contact their billing department by calling the number provided to cancel the subscription or get a refund for the amount deducted (which hadn’t actually been charged).
The scam begins when someone calls the given number to seemingly avoid being charged for something they don’t want. When the target attempts to cancel the subscription this way, the scam could take several forms.
How Does the NortonLifeLock Subscription Renewal Email Scam Work?
First, scammers try to convince their targets to grant them remote access to their laptops or computers. Scammers claim that they can only cancel the subscription by accessing the recipient’s device so that it doesn’t renew or by reversing a transaction already made.
If the recipient agrees and gives them remote access, they ask the user to log into their bank account, so they can cancel or reverse the transaction. After gaining access to the user’s bank account, they use software to obscure the screen, so the user cannot see what they are doing.
To ease their targets’ minds, they say that a technical problem has caused their monitor screen to turn black, and they are working to resolve it. However, their hidden agenda is to make huge deposits to their bank accounts from the victim’s, install malicious software to track user accounts and later access them, or simply remove the protection on their targets’ devices to scam them again.
There have been reports that scammers also use the notorious tech support refund scam strategy to defraud their targets during this scam. They instruct their targets to note their available bank balance, so they can verify the refund later. Afterwards, they edit the HTML of the bank account page to show a higher amount than what it should be.
After that, scammers claim they have sent more than they were supposed to and demand a refund. In reality, the funds remain the same, and the users end up sending their hard-earned cash to cybercriminals instead. When they make the transaction and refresh the screen, they learn the reality of the situation, but it’s too late by then.
Besides the above two main ways scammers may attempt to steal from you, there are various other ways they might harm you.
- A scammer may include a downloadable attachment with the email that contains malware, posing as an official invoice.
- They may include a phishing link in the email and ask you to click on it to cancel the renewal or undo the supposed transaction.
- Scammers may ask you to disclose sensitive information in the email reply.
- They may hijack your browser and spy on you later.
The list goes on and on…
How to Spot the NortonLifeLock Subscription Scam
If you’re unsure whether the subscription renewal email is genuine, ask yourself the following questions:
- Are you subscribed to the product the email says will renew in 24 hours?
- Is the email address you used to register with NortonLifeLock the same one you received the scam email on?
- Does the email mention your name?
- Does the renewal date in the email match the date you received it?
If you haven’t subscribed to any NortonLifeLock product, your name isn’t listed anywhere in the email, and the email address you receive email on is different from your registered one, then it’s definitely a scam.
Although this should be enough for you to realize that the email is fake, you’ll likely see others phishing scam signs to confirm your suspicions. For instance, if the address you receive the email from isn’t official, there are typos in the content, the email creates a sense of urgency, phishing links and attachments are attached, or the email asks for sensitive information, then scammers are running this email campaign.
What Should You Do if You Receive a Subscription Scam Email?
The first thing you should do when you receive a scam email is to verify that it’s a scam. So, look for the signs mentioned above as you read through.
Don’t download attachments or contact the given number, no matter how official it seems. Do not click any suspicious links included in the email, even if they claim to let you cancel your subscription.
Importantly, if scammers ask for remote access, don’t let them. Likewise, if the scammers claim that a transaction to renew the subscription has already occurred, contact your bank instead of asking scammers for assistance.
If you are still uncertain despite knowing all the signs, you can contact Norton support for confirmation. After Norton’s support team confirms that no such invoice has been generated, indicating it’s a scam, ignoring the email would be the best course of action.
What to Do if You Fell for the NortonLifeLock Subscription Renewal Email Scam
If you’ve already called the scammer after receiving the NortonLifeLock subscription scam email or downloaded attachments, here’s what you should do:
- If you’ve only spoken with the scammer, refuse to give them remote access if they ask for it.
- In case you’ve granted scammers remote access, turn off your internet, so scammers can’t connect to your computer if they’ve already installed the tracker. Also, scan your computer for malware and hijacking software before enabling your internet connection again.
- Your privacy could be seriously compromised if they have access to your laptop’s webcam. Turn off your webcam temporarily.
- Scammers may claim to have transferred an extra amount during the transaction reversal and ask you to pay them back. Don’t fall for this.
- If scammers have gained access to your bank account, contact your bank and ask them to freeze it.
Be Smart With NortonLifeLock Subscription Email Scammers
Hopefully, you now understand how the NortonLifeLock subscription email scam works. You should be able to spot the scam and avoid it with our tips. But you’re not the only person who might fall victim for this, so educate your parents, grandparents, friends, and any other family members about these scams too.