Scammed by Fake Norton Antivirus, Lifelock? Here's What to Do

Dennis Faas's picture

Infopackets Reader Daniel B. writes:

"Dear Dennis,

I wanted to pass along this message to let your readers know of a new and incredibly convincing fake Norton email renewal scam involving Norton Antivirus and Lifelock.

I received two emails today (from two different email addresses) with a special promotion to 'upgrade' my Norton Antivirus and Lifelock with an enticing 67% discount off the retail price. The emails are incredibly convincing, unless of course you are knowledgeable enough to realize it's a scam.

If you click on a link to read more or to buy the product, it will lead you to a page where you'll give up your personal information, phone number, and/or credit card.

What happens next is that an Indian tech support scammer will call you on the phone stating that there was an error with your form input on their website, then they will ask for remote access to the machine - this has already been reported on Norton's web forums, and is similar to what you described in the Expert4Help.com review.

Once they're in the machine, they'll install malware, download all your financial information (read: drain your bank accounts) and install remote access backdoors to propagate more scams. This will continue on indefinitely until you either run out of money, or wise up.

How to Tell if an Email 'Offer' is Actually a Scam

There is a slew of 'tells' in the emails I received that reveal this is a scam:

  • First, the sender's email address is completely bogus. In this case it was from ueqaxldjyhvsd3 [at] ueqaxldjyhvsd3.weprem.dauntepicure.host - that certainly is not from Norton or Symantec which makes Norton Antivirus and Lifelock. The only way to realize where the email is coming from is to place the mouse over top of the 'From' field to reveal the true sending address, or to view the email message headers in their entirety (which most people rarely ever do).
     
  • Second, the 'To' email address wasn't mine, but a completely random email address. In this case, the To: field was addressed to ulbqydpy [at] hfhagbwpr.dauntepicure.host, yet it ended up in my email inbox. That's because spammers can forge the To: and From: fields on an email. These types of messages rarely ever get through these days (because most legit email servers won't allow open relaying / spam), but sometimes a few end up getting through and land in the inbox.
     
  • Third - and this is a huge problem - is the phone number. It looks legit, but in fact, it's a scam. The phone number they ask you to call is 1-833-NORTON8 (as seen in the pic here), which resolves to 1-833-667-8668. If you call the number, you'll likely be speaking with Indian tech support scammers, and they'll try to sell you years' worth of 'protection,' then scam you again only a few weeks or months later when they find 'something else' wrong with your machine - similar to the tech support scams you've mentioned already.
     
  • The fourth tell is the links in the email. If you hover your cursor over any of the links, your email program should show you the real web address (URL) of the link once it's clicked. In this case, it's a convoluted link which doesn't lead to Norton's website - and you can bet it's a scam. In the emails I've received, all the links point to the same URL no matter what link or image you click. This is a dead giveaway that it's a scam. Even the 'Unsubscribe' link leads to the same URL.

If you already use Norton Internet Security (and likely any legitimate Internet Security program), hopefully this URL will be blocked by your web browser, though certainly this won't be the case for everyone.

Please alert your readers of this scam. It's incredibly convincing."
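The header and link tells from the letter above (sender domain, mismatched To: address, links that never reach the vendor and all share one URL) can be checked mechanically. The following is an added example, not part of the original letter or article; the brand domain list, the sample message and the function names are assumptions made for illustration, and the phone-number tell is not covered.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the impersonated brand really uses for mail and links.
BRAND_DOMAINS = {"norton.com", "lifelock.com"}

# Constructed sample message (not the e-mail from the letter).
SAMPLE = '''From: "Norton LifeLock" <promo@mailer.offers.example>
To: someone-else@list.offers.example
Subject: Upgrade now - 67% off
Content-Type: text/html

<a href="http://track.offers.example/c?id=1">Buy now</a>
<a href="http://track.offers.example/c?id=1">Read more</a>
<a href="http://track.offers.example/c?id=1">Unsubscribe</a>
'''

def on_brand(host):
    """True if host is a brand domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def scam_tells(raw, my_address):
    """Return which of the letter's tells appear in one raw message."""
    msg = message_from_string(raw)
    tells = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not on_brand(sender.rpartition("@")[2]):
        tells.append("sender-domain")          # tell 1: From is not the vendor
    recipient = parseaddr(msg.get("To", ""))[1]
    if recipient.lower() != my_address.lower():
        tells.append("to-mismatch")            # tell 2: To is not my address
    body = ""
    for part in msg.walk():                    # collect every text part
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    links = re.findall(r'href\s*=\s*["\']([^"\']+)', body, flags=re.I)
    if links and not any(on_brand(urlparse(u).hostname) for u in links):
        tells.append("off-brand-links")        # tell 4: no link reaches the vendor
    if len(links) > 1 and len(set(links)) == 1:
        tells.append("all-links-identical")    # tell 4: even Unsubscribe is the same URL
    return tells

if __name__ == "__main__":
    print(scam_tells(SAMPLE, "daniel@example.com"))
```

Because the From: field can be forged, an empty result does not prove a message is genuine; it only means none of these particular tells fired.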

My response:

Thanks Daniel for the heads up, and please share this post with friends! Click here to see an image of the Norton Antivirus / Lifelock scam email that Daniel received.

Scammed by Fake Norton Antivirus, Lifelock? Here's What to Do

This scam goes beyond losing money on a fraudulent license of Norton Antivirus and Lifelock - it goes much, much deeper, as I have uncovered over the years.

Please read very carefully -

  1. If you paid for a fake license and installed a fake copy of Norton Antivirus, you likely installed malware on your machine.

    This malware can do a number of things. First, it may alert you of fake virus warnings and try to get you to call a 1-800 number to "fix" the "problem". Here is a post by Malwarebytes.com that confirms what I just said. In this case, you'll be dealing with fake tech support scammers that will convince you to allow them to connect to your machine, then they will install more malware, which will inevitably lead to draining your bank accounts. If you don't pay what they ask they'll delete all your files or lock you out of your machine as punishment, as I've reported many times before.

    It gets worse, however. The malware they plant on your machine can then download other malware that can record your keystrokes, spy on you, download financial information, and allow unprecedented access to your machine (remotely) by other cyber criminals.

    Unfortunately, uninstalling the fake antivirus won't be enough - you'll need to have your machine examined and cleaned by a real professional - such as myself - to ensure it's clean. As a senior systems administrator (view my resume here), I am able to connect to your machine and undo the damage and malware installed by these criminals. I have been providing such a service for the past 5 years and know exactly where to look - contact me here.
     
  2. If you let a fake "Norton technician" connect to your machine remotely because of "problems with the online form" while attempting to purchase their fake "offer" - you are already in a heap of trouble for the same reasons I described above.
     
  3. As I've reported many times previously: once scammers are connected to your machine, they can get back in whenever they want. It means they will download all your financial information from your PC, record keystrokes, and more. This translates to identity theft, unauthorized credit card charges, drained bank accounts, etc. One of my clients lost $18,000 the next day after letting scammers into his machine. This remote access must be removed and threats eliminated or you will be in a world of unending hurt. If this has happened to you already, please contact me for 1-on-1 support, and I will remove these threats for you and tell you how to keep your money safe. Contact me here.
     
  4. Some scammers will go as far as trying to sell your house, as reported by the CBC (Canadian Broadcasting Corporation)! This is no joke, and originates from fake tech support scammers located in India. Please read this post for more information, which also includes a 20-minute video which proves exactly what I just said.

If you called the number and need help, you are welcome to contact me for additional 1-on-1 support, described next.

Additional 1-on-1 Support: From Dennis

I've been dealing with scammers (mainly from India) for the past 5 years, and have written a number of articles concerning the subject. In short, this scam is managed by a very large criminal organization and they will do everything they can to get your money and make your life a living hell. As a senior systems administrator, I can advise you on what to do, and can also undo the damage caused by the scammers on your PC - ensuring that your computer and money are safe. If you called the number and you need help, I am more than happy to assist; simply contact me, briefly describing the issue, and I will get back to you as soon as possible. I get asked all the time, "But Dennis, how do I know you're not a scammer, too?" In this case, I invite you to please review my credentials here, and read articles I've posted in the last 18 years online to prove my legitimacy.


Comments

brianc_12848's picture

I read your article about Norton AntiVirus Scam with interest and have a couple of questions if someone can fill me in.

I have had Norton since 2018 and when my renewal came up in April, as I recall I was online to the Support Chatsite anyway when I complained about the fact that their renewal had gone up from my original $39.99 or $59.99 (can't remember which) to $89.99. The Technician then offered me the deal to upgrade online at a lower price, which I did provided (he said) I opted to auto renew (which I could cancel anytime - and which I did so immediately afterwards).

Apparently, there have been lots of comments about this price hike from users who reasonably feel they should not be penalized for using 'auto-renew' (which fortunately, I had cancelled the first time round) especially when they can let their subscription expire, apply as a new user and get the lower price as an 'introductory price' and the Tech said he acknowledged that this was indeed the case and he would forward my concern to the powers that be. Your article though, now gives me 'pause for thought' when letting the subscription expire and searching for a better deal.

I have used the Support Chat line a few times and they are always very helpful and quick to respond but I did notice that most of the Techs appear and sound to be Indian so I was wondering if you had an idea where Norton Support IS located and if it's just coincidence that they are Indian. Nothing against Indians and no offense intended to anyone but just curious.

Only on one occasion when I was online to Chat Support did the Tech ask me if I would like him to log on remotely, to which I responded - 'No - no offense but I never do that' and he was quite OK with it - never been asked again.

Lastly, I did review the EMails and Renewal Offer Messages etc and all the addresses appear to be legit and the Antivirus seems to operate well so hopefully, I'm good. My main concern was just that every time I have logged onto support chatline (something I never usually do), I get an Indian Technician and knowing what's out there ...well...

Thanks for the article - does make one double check these things.

p.s. My Browser said it was an unsecure connection when I was signing up to Infopackets - is this correct - (I'm very 'itchy' 'bout these things - again, no offense )?

Dennis Faas's picture

Not to go off topic here as I don't want to distract from the main point in the article, but, I've been using free Antivirus since the early 2000s and have never looked back. I've rarely ever been infected.

The fact is, most third party antivirus programs are way over the top with their "protection" and "promises" being offered, which only serve to slow the machine down. I use Avast! antivirus free with -only- real time shields enabled because it seems to run faster than Windows Defender (plus it's essentially a second opinion to Windows Defender since it runs alongside Avast). Any additional "protection" (whether it's offered by Avast or not) is snake oil in my opinion.

Simply: you don't need to pay for antivirus, and you don't need to pay for a firewall, either. Windows 10 has its own antivirus and firewall built in, both of which work fine. This is the same technology used in large corporate environments on Windows Servers that control millions of machines.

Some people will disagree with my sentiments and that's fine - do whatever makes you feel safe, but keep in mind that many of these antivirus corporations will use scare tactics to make you think you're "more protected" when it's really, really not necessary.

If you want the "ultimate" in protection, do backups weekly and store some offline. I've answered this question in depth already:

Top 15 Ways to Keep your PC Secure in 2017 and Beyond

Explained: Do I need a third party firewall?

As for your question about Infopackets "not being secure", please make sure you're signed into https://www.infopackets.com and not http://www.infopackets.com. Notice the S in the first URL = secure.

oadbyPC's picture

I too use free a/v (in fact, I get all my software for free from www.techsupportalert.com) but have been wondering for some time whether I should just use Windows Defender as I thought it would be the fastest and most reliable (in terms of interacting with Windows, not finding viruses (another issue altogether as ratings go up and down for a/v vendors)) but also the least likely to add an additional attack vector (as it stays installed even if you install another a/v) and now the possibility of customers (I also work in IT) getting conned into downloading fake a/v, which I hadn't even considered before today, makes me even more inclined to choose Windows Defender so I'm a little surprised/disappointed to hear you say it's slower than AVG! Do you mean slower in running a scan or does it actually slow the PC itself more than when you install AVG?

As for Norton using Indian call centres, this is entirely possible as many companies outsource call/support centres to India which just makes the nefarious schemes of these scammers more plausible and therefore easier. I will therefore be recommending people DO NOT install 3rd party a/v and just rely on Windows Defender, if they have Win10, with MBAM a possible backup for malware.

dan_2160's picture

A tip to the wise. You can save money by NOT using auto-renew or buying from Norton directly (or likely any anti-virus/internet security program).

You can almost always purchase Norton Security (in its many varieties) for less from frys.com (and sometimes from newegg.com and amazon.com). Sign up for Fry's Electronics' email Deals of the Day and Deals of the Week. For example, this week they're selling Norton 360 Premium 75GB for 10 Devices, 1 Year Subscription for $39.95, $60 off Symantec's regular price and Norton 360 Deluxe 50GB for 5 Devices, 1 Year Subscription for $35.99, $45 off the regular price. When your current subscription is about to expire, install or enter the serial number of the new one (I think that Norton still does not add time to your subscription - so you have to wait until it's about to expire before entering your new subscription.)

That should bring down your costs. Also check with your Internet Service Provider. Some, like Comcast, provide Norton Internet Security for free to subscribers.

ron_weiskopf's picture

I hadn't noticed before, but the links from the e-mail message do not have the https: for the link. I don't know if there is any risk since I don't post credit card numbers or anything.

brianc_12848's picture

Not a problem - Just that the Latest Firefox Browser has started to flag insecure links at Log-on (which is probably not a bad thing - just can be irritating as it makes some sites a bit difficult to log on).

Dennis Faas's picture

The issue is that PHPList converts my https:// newsletter links back to http://. I will be upgrading PHPList in the next while and hopefully that will fix the issue.