How to recognize and report Norton scam emails

Scam emails impersonating trusted entities like Norton are nothing new. But they are becoming increasingly sophisticated, making it more difficult to distinguish between real and fake communications. If these malicious emails manage to trick you, it can lead to financial loss, identity theft, malware infections, and more.

The good news? Even as attackers work overtime to perfect their craft, there are still warning signs that can help you recognize fake emails.

This guide will share red flags you should look out for, the steps to take if you receive a scam email that looks to be from Norton, and tips on how to take advantage of AI-powered scam detection included in Norton 360 Deluxe to confirm if a threat is present.

Quick tips

• If you receive a suspicious email with Norton branding in your inbox, do not respond, download attachments, or click any links in the email.
• Verify that the email came from a real Norton email address by carefully checking the domain (the last part of the email address).
• To report a Norton email scam, forward the email here as an attachment: spam@norton.com.

Is there a Norton email scam?

Norton email scams — fake emails purporting to be from Norton — are phishing emails that continue to evolve. Cybercriminals impersonate us, and other trusted companies, to steal personal information and money through fake renewal and order confirmation notices, password reset and malware infection alerts, tech support scams, and identity theft warnings.

6 Example scam emails impersonating Norton

Scammers impersonating Norton use various ruses to make emails appear legitimate and create urgency. Here’s how they work:

1. Auto-renewal scam

Auto-renewal scams are fake billing notifications that claim your Norton subscription will automatically renew for hundreds of dollars. Even if you don’t have a Norton subscription, these messages create panic by stating you’ll be charged unless you contact the billing department immediately to cancel.

When you respond or reach out to the listed contact to cancel, they request personal information like credit card or bank account numbers, or PayPal account details, claiming they need them to process a refund or stop the transaction.

2. Payment scam

The Norton email payment scam involves an attacker sending a fake order confirmation claiming you made a purchase, and the payment was successfully processed. Like the auto-renewal scam, this ruse creates a sense of urgency by quoting a very high number.

3. Password reset alert

Password reset alerts falsely claim that someone is trying to change your Norton account password from an unfamiliar location or device. These emails will encourage you to click a malicious link to “secure your account” or “verify your identity.”

When you interact, the link sends you to a spoofed login webpage designed to steal data like your username and password through credential harvesting or formjacking. These messages may also contain a phone number, leading to a scammer coaxing your details from you.

4. Tech support scams

Tech support scam emails warn you about non-existent computer issues and instruct you to contact “Norton” for assistance with the malware removal process or to resolve the technical issue. When you respond, the attacker pretends to be a support technician to gain remote access to your device and install actual malware, like spyware.

In some cases, they may install malware and then charge for removing it.

5. Stolen identity scam

Stolen identity email scams try to convince you that LifeLock by Norton detected signs of identity theft. These messages demand immediate verification of personal information like Social Security numbers, bank details, or passwords to begin the identity theft restoration process. Alternatively, they may claim to have already restored your identity and demand payment for their services.

6. Infected device scam

Infected device scams are alarming emails stating that our malware scanner detected viruses, spyware, or another threat on your device. These emails usually include malicious attachments or links that, when clicked, actually install the malware they claim to remove. They may also request payment for remediation efforts.

How can I tell if an email from Norton is legit?

You may receive legitimate emails from Norton about missed payments, upcoming renewals, offers, announcements, and product updates. However, none will ask you to submit sensitive information through unsecure channels like email, pages without an SSL certificate, or unofficial websites.

Here’s a closer look at ways to confirm whether an email that looks like it’s from Norton is legit.

Check the sender’s address

If you’ve agreed to receive emails, you may receive real messages from Norton and our affiliates in your inbox. When you receive an email, double-check to ensure it’s from a sender whose email ends in one of these domains:

• @nortonlifelock.com
• @norton.com
• @identity.norton.com
• @login.norton.com
• @securenorton.com
• @secure.norton.com
• @lifelock.norton.com
• @mylogin.norton.com
• @myidentity.norton.com
• @family.norton.com
• @lifelock.com
• @mail.nortonstore.hk
• @mail.nortonstore.cn
• @mail.nortonstore.tw
• @mail.nortonstore.kr
• @mail.nortonstore.jp
• @mail.norton.com
• @mails.norton.com
• @email.norton.com
• @emails.norton.com
• @e-mail.norton.com
• @identityprotection.norton.com
• @subscriptions.norton.com
• @zuberance.com
• @ifeelgoods.com
• @trustpilot.com
• @club-off.com
• @m.onetrust.com
• @cleverbridge.com
• @creditview.co.uk

Consider the context

Norton may contact you via email about account updates, subscription renewals, product notifications, and security alerts. However, we won’t prompt you to download anything via email. If you’ve registered with Norton and purchased a product, you can safely download it from your Norton account.

Look for sensitive information or access requests

Legitimate Norton emails never request sensitive information like passwords, Social Security numbers, or credit card details via email or other unsecured channels. Also, our emails won’t try to initiate a remote access device takeover unprompted.

How to report scam emails to Norton

To report a fake email to Norton, forward the scam email to spam@norton.com. The best method is to send it as an attachment, because this avoids losing key content, which is required for analysis. You won’t receive additional updates, but our team will investigate.

Confirm if emails are real or fake with advanced AI

Email scams are more deceptive than ever — but Norton 360 Deluxe helps keep you a step ahead. With access to a scam detector that warns you about threats before interacting, you can better avoid even the most realistic scam emails.

But scam emails aren’t the only way malware can land on your device. That’s why Norton also offers powerful protection against malware and hackers to help keep your devices secure from a range of online threats.

FAQs

Is it safe to call the customer support line in the email?

It depends. If it’s a legitimate email from a trustworthy company, the number will be the official support line. Since scam emails can be difficult to identify, the safest way to contact a company is by looking up the relevant phone number on their official website. If you accidentally call a scam number, any information you provide could lead to financial loss or identity theft.

What is Norton doing about scams using the Norton brand?

Norton is constantly working to block, shut down, and prevent scam emails. We also have resources to report scam emails and verify that an email is legit. But even with departments like the Scam Research Lab and Threat Labs, no one can stop every scam, as cybercriminals continuously develop new ways to avoid detection and defraud people.

Can I get a computer virus from a Norton scam email?

Yes, you could get a computer virus from a Norton scam email if you click links or interact with the email. Some spam emails using Norton, LifeLock, or NortonLifeLock names include fake links to cancel or renew antivirus or other security services. Those links take you to sites controlled by the cybercriminal and could lead to installing malware on your computer.