What Is the Norton Subscription Renewal Email Scam? How to Avoid It

Posted on August 19, 2022

Have you received an email stating that your NortonLifeLock subscription is due to renew today and that a specific amount will be deducted from your bank account? The email might even claim that the transaction has already taken place and ask you to call the number provided to reverse it.


It’s a scam, and Norton has not and will not deduct money from your account. So how exactly does this scam work? What can you do to avoid being a victim of it? And if you ever fall prey to scammers, what should you do next?


What is the NortonLifeLock Subscription Renewal Email Scam?

Scam email from Norton showing a subscription renewal receipt
Image credit: NortonLifeLock Blogs

NortonLifeLock Subscription Renewal Scam is an email scam in which cybercriminals send recipients a fake notification email about an antivirus system renewal. They present the email as an official notification from NortonLifeLock, a real cybersecurity software company.

Scammers add a fake personalized ID, invoice number, and renewal date to make the email appear genuine. With an official logo and professional-looking design, cybercriminals make email look authentic.

On top of that, the scammers also include a fake invoice and mention a NortonLifeLock subscription that will be renewed within 24 hours. On rare occasions, they may further inform their targets that the subscription has already been renewed and their account has been debited.

After sending victims into a panic, the scammers instruct them to contact their billing department at the number provided to cancel the subscription or get a refund for the deducted amount (which had not been collected anyway).

The scam starts when someone calls the given number to ostensibly avoid getting charged for something they don’t want. When the target tries to unsubscribe in this way, the scam can take several forms.

How does the NortonLifeLock subscription renewal email scam work?

Norton Subscription Renewal Scam Email
Image credit: NortonLifeLock Blogs

First, scammers try to convince their targets to grant them remote access to their laptops or desktops. Scammers claim that they can only cancel the subscription by accessing the recipient’s device so that it does not renew or by reversing an already made transaction.

If the recipient agrees and gives remote access, it asks the user to sign in to their bank account so they can cancel or reverse the transaction. After gaining access to the user’s bank account, they use software to darken the screen so that the user cannot see what they are doing.

To reassure their targets, they say that a technical problem has caused their monitor screen to go black and they are working to resolve it. However, they really intend to make large deposits into their bank accounts from the victim, install malicious software to track users’ accounts and access them later, or simply remove protection from their targets’ devices to scam them again. .

There have been reports that scammers also use the notorious tech support refund scam strategy to defraud their targets during this scam. They instruct their targets to take note of their available bank balance, so they can check the refund later. They then edit the HTML of the bank account page to display a higher amount than it should.

After that, the scammers claim they sent more than they should and demand a refund. In reality, the funds remain the same and users end up sending their hard-earned money to cybercriminals. When they make the transaction and update the screen, they know the reality of the situation, but by then it’s too late.

In addition to the two main ways above that scammers can try to steal from you, there are other ways that they can hurt you.

  • A scammer may include a downloadable attachment with the email that contains malware, posing as an official invoice.
  • They may include a phishing link in the email and ask you to click on it to cancel the renewal or undo the alleged transaction.
  • Scammers may ask you to disclose sensitive information in the email response.
  • They can hijack your browser and spy on you later.

The list goes on and on…

How to spot the NortonLifeLock subscription scam

If you’re not sure if your subscription renewal email is genuine, ask yourself these questions:

  • Are you subscribed to the product that the email says will renew in 24 hours?
  • Is the email address you used to sign up for NortonLifeLock the same as the one where you received the fraudulent email?
  • Does the email mention your name?
  • Does the renewal date on the email match the date you received it?

If you have not subscribed to any NortonLifeLock products, your name does not appear anywhere in the email, and the address you receive the email at is different from the one on file, then it is definitely a scam.

While this should be enough for you to realize the email is fake, you’ll likely see other signs of a phishing scam to confirm your suspicions. For example, if the address you are receiving the email from is unofficial, there are typos in the content, the email creates a sense of urgency, phishing links and attachments are attached, or the email requests sensitive information, so scammers are running. this email campaign.

What should you do if you receive a fraudulent subscription email?

The first thing to do when you receive a fraudulent email is to verify that it really is a scam. Look for the signs mentioned above as you read.

Do not download attachments or contact the given numberno matter how official it seems. Don’t click any links included in the email, even if they say they allow you to unsubscribe.

It is important to note that if scammers request remote access, do not allow it. Similarly, if scammers claim that a transaction to renew your subscription has already taken place, contact your bank instead of asking scammers for help.

If you are still not sure despite knowing all the signs, you can contact Norton technical support for confirmation. After the Norton support team confirms that no such invoice has been generated, indicating that it is a scam, ignoring the email would be the best course of action.

What to do if you fell for the NortonLifeLock subscription renewal email scam

If you’ve already called the scammer after receiving the NortonLifeLock subscription scam email or downloaded attachments, here’s what to do:

  • If you’ve only talked to the scammer, refuse to give them remote access if they ask for it.
  • In case you have given scammers remote access, turn off your internet, so that scammers cannot connect to your computer if they have already installed the tracker. Also, scan your computer for malware and ransomware before enabling your Internet connection again.
  • Your privacy could be seriously compromised if they have access to your laptop’s webcam. Turn off your webcam temporarily.
  • Scammers may claim that they transferred an additional amount during the reverse transaction and ask you to pay them back. Don’t fall for this.
  • If scammers have gained access to your bank account, contact your bank and ask them to freeze it.

Be smart about NortonLifeLock subscription email scammers

Hopefully, you now understand how the NortonLifeLock subscription email scam works. You should be able to spot the scam and avoid it. But you’re not the only person who could fall victim to this, so tell your parents, grandparents, friends, and any other family members about these scams, too.

Leave a Reply

Your email address will not be published. Required fields are marked *