Catch Of The Week: Norton Invoice Phishing Scams

For the Los Alamos Daily Post

An ongoing phishing scam is the fake Norton invoice scam … we’ve been seeing this for years, but it can still catch users. Norton is a company providing subscriptions for antivirus and privacy/security services like LifeLock.

In the scam a user receives an invoice via email from “Norton” or other companies, like the image below:


Looks pretty legit right? Remember, it’s easy to spoof any company’s branding in an email.

Weirdly the majority of these do not have links, they are simply an email with a PDF attachment.

The attachment usually will not have a link either, just a “customer service” number. The scam counts on the fake invoice and “pending” charge to frighten you into calling the fake number.

If you call the number you will be connected with a friendly agent, ready to assist you with the problem…they will ask you to install some kind of remote access software like LogMeIn or others so they can fix the issue. After the software is on your computer, they will try to get you to login to your banking site so they can “process your refund”. If you login to any accounts while they have remote access, they can steal your credentials, giving them access to your online banking, or other accounts. Another twist is to install ransomware, or other malware, and compromise your host that way, as well as extorting you out of a fee to remove the ransomware.

If you receive any suspicious emails from Norton about an account renewal, look for these signs it’s a phish:

  • Misspellings, urgency, or threat.
  • A pdf attachment is a likely sign it’s a phish, real invoices from Norton would not be communicated in this way.
  • The sending email address will not be from a Norton domain, it will likely be gmail or hotmail, etc. You can verify domains for Norton here.
  • They don’t address you by name in the invoice, but just by your email address.
  • Do you even use Norton, or are you using another provider? If you aren’t using them, they wouldn’t be sending you an invoice.

Still have questions? You can reach out to Norton directly about any suspicious emails here.

Similar scams are out there using GeekSquad, or other subscription service providers. If you aren’t sure about an email, always go directly to the merchant’s website, never click on links in an email or text. Norton also offers an app to help you tell if a suspicious email is a scam or not, the Genie scam detector here.

Never call a number, or click on any links, in a strange email, you could end up with compromised accounts, loss of sensitive information, or a ransomware attack locking down your computer. If you get a scam like this in your email, don’t interact, just delete it!

Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.

LOS ALAMOS website support locally by OviNuppi Systems