Analysis: Fake Norton 'Subscription Confirmed' Phishing
From: no-reply@norton-customer-care.com
Subject: Confirmation: Your Norton 360 subscription is active
Dear user, Your Norton 360 Deluxe plan has been successfully activated for the next 12 months. The charge of $119.99 will appear on your statement soon. To view your invoice or manage your subscription, please visit your account dashboard. View Invoice: http://norton-billing-portal.co/user/invoices/1AB23C Thank you for choosing Norton.
Explanation
This email is a phishing scam. It creates a sense of normalcy with a fake subscription confirmation. The goal is to get you to click the link to a fraudulent website ('norton-billing-portal.co') that will steal your Norton account credentials, which may be reused on other sites.
Highlighted Content
- Unexpected subscription confirmation
- Link to a non-Norton domain
- Sense of urgency to 'manage'
- Always verify the domain. The link points to '.co', not the official 'norton.com'.
- If you receive an unexpected subscription email, log in to your account directly through the official website, not through email links.
- Check the sender's full email address. Scammers often use subdomains to appear legitimate (e.g., 'norton.some-other-domain.com').