Turn on two-factor authentication. Check! Update privacy settings. Check! Create stronger passwords. Check!

Before responding to an unexpected communication, stop. Let your next steps be guided by healthy skepticism, and proceed with caution.

These are just a few actions you've taken to keep your data safe from online thieves. You even follow the blogs of reputable anti-malware software companies to stay up-to-date on the latest scams. But what happens when cyberthieves pretend to be the very people you trust to stay safe online?

When you receive an email from your preferred anti-malware software company, you pay attention. They might send you information about new product updates, security alerts, or special offers. You don't expect to receive an email notification asking you to confirm a subscription renewal you don't want, don't need, and never authorized.

Abby recently received an email from a scammer pretending to be Norton®, the well-known anti-malware product company. This is what it said:

---

From: nortonusa.cq.com
Date: April 5, 2021
Subject: Billing Department
To: Abby Smith (This email address is being protected from spambots. You need JavaScript enabled to view it.)

You have been charged $299.99 for your Norton auto renewal. If there has been a mistake, please call 1-888-888-8888 within one business day when you are in front of your computer.

Thanks & Regards
Norton™ Billing Team

---

The message even included what appeared to be the company's official logo. Like Abby, you might feel a sense of panic before grabbing your phone and dialing the number listed in the email. While you intend to resolve the charge, the person on the other end of the line plans to steal your credit card number or other personal information.

How It Works

Here's how this new email phishing scam works.

Scammers want you to dial the phone number. Once they have you on the line, they will claim that they need your credit card number, expiration date, and CV number to reverse the charges. They might even falsely claim that since the software was automatically installed when your credit card was billed, they need remote access to your computer so they can remove the Norton program they've just refunded. In reality, they'll install malware that can extract personal data from your system.

How to Protect Yourself

Protect yourself from this phishing scam by:

  • Never responding to an email or text by dialing the phone number or clicking the link in the communication. If you have a question about the message, contact the company using the phone number on their official website.

  • Never sharing your passwords, credit card numbers, or banking information with anyone who initiates contact, even if they claim to be from a reputable company.

  • Reporting these fake emails to the Federal Trade Commission. It could help stop fraud in your community.

If it whiffs of a scam, it probably is. Before responding to an unexpected communication, stop. Let your next steps be guided by healthy skepticism, and proceed with caution.