Norton Phishing Email | Example and Analysis
Norton, a renowned antivirus brand established in 1991, offers comprehensive protection against malware and computer viruses. Over the years, Norton has played a crucial role in safeguarding computing devices from hackers, phishing scams, and various cyber threats. In addition to antivirus solutions, Norton also provides security features such as parental controls and identity theft protection. NortonLifeLock, the parent company of Norton, boasts one of the largest user bases globally, with over 80 million users across more than 150 countries (source: NortonLifeLock Corporate Profile).
Unfortunately, Norton's popularity has not only attracted legitimate users but also cyber criminals and malicious individuals. Despite Norton's efforts to protect users from phishing scams, Norton users have become prime targets for phishing emails. Below is an example of a phishing email that was sent to me:
What the phishing Norton email reads:
Subject: Order Processed
User, welcome:Our services are listed below. Norton Security is not subject to renewal. The amount will be shown on your statement.
There is a difference between one security program and another. Norton Security is in development. In other words, a cost of $ 299 per year is about $99 per day.
Number 114AQ41AA111.
All devices that you want to protect must be installed with NortonTM 360 Deluxe. Here's how to do it:
Subscribers' subscriptions will renew on Jan 26th 2022 for $ 299.99/year + applicable taxes
Get Started
Item Sub Total $299.99
Plan Details 1 Year Full Pc & Mobile Protection
Taxes $0.00
Total $499.99
If you have any questions about your purchase, please contact us on +1 806 884 4225
Thanks - The Norton Team
The email mentioned above purports to be from Norton. It asserts that my Norton subscription has been renewed at a cost of $499.99. Furthermore, the email claims that the order has been processed, implying that the account linked to the Norton product has been charged accordingly.
Upon receiving an 'Order Processed' email in my inbox, I, like any other user, experienced a sudden panic. As I quickly skimmed through the contents of the email, my anxiety intensified upon discovering a charge of $499.99 for Norton 360 Deluxe. My immediate focus shifted to contacting Norton and seeking clarification regarding this email. However, something caught my attention, then something else, and another, leading me to the realization that the email was fraudulent. In this article, I will examine the email and provide evidence as to why I deemed it a phishing attempt. It is crucial to note that this email did not originate from Norton, and the order mentioned within was fabricated. To accomplish this analysis, I will refer to our previous article on how to identify phishing emails, which offers comprehensive guidance for assessing an email's authenticity prior to taking any further steps.
INDICATOR 1 - I DID NOT EXPECT AN EMAIL FROM NORTON
Despite having used Norton antivirus in the past, I have never been a subscriber to any of their security solutions. This means that while my profile information may exist within the Norton user database, they do not possess my financial data necessary for processing and fulfilling an order. Consequently, receiving an email with the subject line 'Order processed' raised suspicions and prompted me to conduct a thorough analysis of its contents. The sender of the email does not care about my Norton subscription, their only intention is for me to panic and call the number indicated in the email. Every legitimate email from Norton typically includes contact details such as an email address and phone number, along with a link to their official contact page. However, this particular suspicious email lacks those usual elements and only provides a phone number for users to call. It is important to be aware that the intention of these scammers is to prompt users to make that call. Once users engage with the provided number, they may be exposed to more elaborate scams, such as fraudulent tech support schemes where the scammers attempt to sell altered versions of the product. Alternatively, the scammers may resort to more common and likely refund scams.
When you receive an unexpected email, it is crucial to exercise caution and refrain from clicking any links or downloading attachments within the email. The article titled "How to spot a phishing email" provides valuable guidance on how to approach such situations. It is advised to be wary of any actions instructed in the email and extend this cautious approach to all other communication channels, including SMS, direct messages on social media, and phone calls.
INDICATOR 2 - GENERALIZED GREETINGS
As mentioned previously, I already have an established Norton account. Therefore, any communication from Norton should, at the very least, include my name. However, the email I received had a generic greeting: "User, welcome." Setting aside the odd placement of the comma, it became evident that the sender did not possess the recipient's specific name. This raised a major concern for me because as an existing customer, Norton would typically address me by name. This discrepancy served as a significant red flag, further supporting the suspicion that the email was a phishing attempt.
Phishing scammers obtain email addresses through various means, including data breaches and the dark web, often without access to the recipients' names. Consequently, these scammers resort to using generalized greetings to target a broader audience. As outlined in our article on how to identify phishing emails, legitimate organizations such as banks, e-commerce websites, hospitals, and government institutions would never address individuals with phrases like "Dear Sir/Madam," "Hello Sir/Madam," "Hi," "Hello," or simply "Hi There." These organizations take pride in personalized communication and typically use recipients' names in their emails.
INDICATOR 3 - SUSPICIOUS SENDER INFORMATION
All official communications from Norton are typically sent from the Norton domain, which is "norton.com." This was the expectation when I received the email supposedly from Norton, which we now know is a phishing scam. However, upon inspecting the email header, it became apparent that the sender's email address was "billingdept76655@gmail.com." To compound the issue, the email was sent to "billingdept735798@gmail.com," with me being blind carbon copied (Bcc'd). This raises the question of how Norton could possibly have a Gmail address, especially one with numeric numbers, which appears suspicious.
It is crucial to carefully analyze the sender information of any email you receive, especially those that require you to take action or contain potentially incorrect and misleading information.
Scammers send out millions of emails daily, and to evade detection, they often need multiple email addresses. Registering domains and sending emails through them can be ineffective and costly as many will be flagged as spam over time. As a result, scammers prefer to use free email service providers like Gmail. Gmail does not impose restrictions on the number of email accounts one can create, allowing scammers to use uncommon names and include numeric values in their email addresses. It is important to be cautious of any emails where the sender's email address has a "gmail.com" extension and the content of the email appears suspicious.
It is essential to note that legitimate organizations such as banks, schools, hospitals, e-commerce platforms, and government institutions with official websites would never send emails through Gmail or any other free and public email providers like Hotmail or Yahoo.
INDICATOR 4 - MISLEADING EMAIL CONTENT
As previously mentioned in the article, I have used various Norton antivirus solutions, albeit not the paid version. However, upon reflection, I couldn't recall any of their products, even after the trial period, being priced at $499.99. This piqued my curiosity, prompting me to search for Norton's official price list. The email I received, which we have confirmed is a phishing attempt, indicated that Norton's Deluxe version was priced at $499.99. However, according to Norton's official website, the Deluxe version is actually priced at $114.99 per year once the trial period ends. In fact, none of the Norton products listed on their price list match the amount quoted in the email.
Moreover, the email initially stated that their product cost $299.99, but without any explanation, the total suddenly jumped to $499.99. Where did the additional $200.00 come from? It appears that the scammers couldn't keep up with basic maths.
However, it's important to remember that the scammers' ultimate goal is to entice users to call the provided phone number. Had I made the call, I would have questioned why I was charged $499.99 when the product was listed as $299.99. They would likely argue that it was a billing department error and offer a refund. This is how the refund scam emerges from phishing scams.
Additionally, the email falsely claims that Norton security is currently being developed. This information is incorrect as Norton, with its flagship antivirus and anti-malware products, has been in operation since 1990.
Since I was fully aware that this email was a phishing scam, I took no action as directed in the email. The only remaining course of action was to delete the email and prepare for the next wave of phishing scammers with their evolving tactics and new bait.
Hence, it is important to approach emails from unfamiliar senders with suspicion. Even for emails from senders you recognize, it is crucial to verify their legitimacy. In our comprehensive article on how to identify phishing emails, we delve deeper into various tactics that can be employed to determine the authenticity of an email. Some of these tactics have been demonstrated in this article, providing you with valuable insights to help you distinguish between legitimate and malicious emails.
Frequently Asked Questions on Phishing Emails
How can I identify a phishing email?
There are several ways that you can identify a phishing email. In this article, we have demonstrated a few. In summary:
Be suspicious of emails that you did not expect
Beware of emails that use generalized greetings such as Hello Sir/Madam, Hi There
Always pay attention to the sender information
Be alert of any misleading content within the email.
See our article on how to spot a phishing email for more information and tactics on spotting the breadcrumbs of a phishing email.
What should I do if I receive a phishing email?
If you come across a phishing email, it is essential to refrain from opening any links, downloading attachments, or responding to the sender. Instead, take the following actions:
Report the email as phishing to your email provider. They often have mechanisms in place to handle such reports and can take appropriate measures.
If the phishing email is impersonating a specific organization, like Norton in the example mentioned above, report it to the legitimate organization through their official channels. This helps them become aware of the scam and take necessary actions to protect their users.
If you received the phishing email on your work email, notify your organization's IT department immediately. They can investigate the issue, enhance security measures, and prevent further attacks.
Spread awareness about phishing emails among your friends and family. Inform them about the incident and educate them on how to identify and handle phishing attempts. This helps create a network of vigilant individuals who can collectively combat such scams.
By following these steps, you can contribute to combating phishing attacks and protecting yourself and others from falling victim to these fraudulent schemes.
Can opening a phishing email harm my computer or device?
According to recent reports, simply opening a phishing email is unlikely to cause harm to your devices. However, it is crucial to exercise caution when interacting with the content of such emails. The real risks lie in downloading attachments or clicking on links embedded within the email body. Cyber criminals utilize phishing emails as a means to distribute malware and redirect unsuspecting users to websites hosting malicious content. While it is generally safe to open a phishing email as you would with any other email, it is imperative to refrain from clicking on links or downloading attachments contained within them. By adopting this cautious approach, you can significantly reduce the potential risks associated with phishing emails and safeguard your devices from harm.
How do phishers acquire my email address?
There are many ways through which phishing scammers acquire email addresses to launch phishing attackers. The most common include:
Buying email lists from third-party hackers.
Through fake online surveys and contests
Through large scale data breaches of organization's websites.
Through social engineering.
Whereas most scammers have only your emails, others have some of your PII (Personally Identifiable Information) such as your name, age, gender, address and more. Once scammers launch personalized phishing emails, users have a hard time trying to access the legitimacy of the emails, many become victims.
Are there any tools or software to help detect phishing emails?
Email providers like Gmail employ advanced systems to detect and identify phishing emails. When an email is identified as spam, it is appropriately flagged and directed to the spam folder. However, certain emails manage to bypass these filters and land in a user's inbox, necessitating the user to assess their legitimacy.
It is worth mentioning that the majority of phishing emails are intercepted and removed before reaching a user's email inbox. As a result, they do not even make it to the spam folder. This highlights the effectiveness of email provider systems in proactively filtering out potential phishing threats.
By implementing these robust measures, email providers strive to protect users from falling victim to phishing attempts and minimize the exposure to suspicious or malicious emails.