Today we (and some of our clients) have received a new Norton scam email which I thought was quite clever and so worth bringing to your attention. It appears to work like this:
You receive this email which suggests that you have purchased Norton Anti-virus when you didn't intend to. Maybe you're supposed to think that you've already fallen victim to a scam, or maybe they want to you remember buying Norton at some point and think that the subscription is still active. Both of these scenarios are fairly believable. I looked at this one for a while trying to figure out how the scam would work when there was no link and no request for your details; I think they want you to actually ring them.
The email suggests that you're going to be charged $385.85 and will continue to be charged every year unless you ring them up and cancel. Apparently these scammers think that an in-person phone call will be more convincing than a pop-up on your computer, and they might be right. I can imagine the phone call where you call them up rather annoyed and flustered and the very helpful operator apologises profusely for the mistake, immediately building trust and goodwill. They're just trying to help. They're not only going to cancel your subscription for next year, they're even going to refund the money you've accidentally spent to your credit card, you just need to give them your credit card details...
Here are some of the red flags that this email is a scam:
The Norton logo is wrong
The email address it came from has nothing to do with Norton
It addresses you as 'Dear Customer' rather than using your name
It creates urgency
The urgency this email generates is where I think it's quite clever. Usually phishing emails like this one will be a lot more blatant about this because scammers know very well that people who are panicking a bit are far more likely to make poor decisions. So a phishing email might say something like 'your Norton license is about to expire and you will lose your protection.' Of course this has little impact on people who don't have Norton Anti-virus, and isn't that scary when you could go ahead and re-buy the product. But the idea of having accidentally spent nearly $400, that would certainly generate some urgency in my mind, and I don't have Norton.