What Is the Norton Subscription Renewal Email Scam? How to Avoid It

Abraham Smith

Did you receive an email saying your NortonLifeLock subscription is renewing today and a certain amount will be debited from your bank account? The email may even claim that the transaction has already taken place and ask you to call the number provided to reverse it.


This is a scam and Norton has not and will not withdraw any funds from your account. So how exactly does this scam work? What can you do to avoid being affected? And if you ever fall into scammers’ traps, what should you do next?


What is NortonLifeLock Subscription Renewal Email Scam?

NortonLifeLock subscription renewal scam is an email scam in which cyber criminals send a fake notification email to recipients about antivirus system renewal. They present the email as an official notification from NotronLifeLock, a cybersecurity software company.

The scammers add a fake custom ID, invoice number, and renewal date to make the email appear genuine. From the official logo to the professional-looking email design, cybercriminals make the email appear authentic.

Also, scammers enclose a fake invoice and mention a NortonLifeLock subscription that will be renewed within 24 hours. In rare cases, they can also inform their targets that the subscription has already been renewed and their account has been charged.

After panicking the victims, the scammers instruct them to contact their billing department on the number provided to cancel the subscription or get a refund of the amount deducted (which was not actually charged).

The scam begins when someone calls the number provided, seemingly to avoid being billed for something they don’t want. When the target tries to unsubscribe in this way, the scam can take various forms.

How does NortonLifeLock subscription renewal email scam work?

First, scammers try to convince their targets to give them remote access to their laptops or computers. Scammers claim that they can only cancel the subscription by accessing the recipient’s device to prevent it from being renewed, or by reversing a transaction already made.

If the recipient agrees and grants them remote access, they’ll ask the user to log into their bank account so they can cancel or reverse the transaction. After gaining access to the user’s bank account, they use software to cover the screen so the user cannot see what they are doing.

To reassure their victims, they say a technical issue caused their screen to go black and they are working on a fix. However, their hidden agenda is to make huge deposits into their bank accounts from the victim, install malicious software to track user accounts and access them later, or simply remove protection on their targets’ devices to scam them again.

It has been reported that scammers are also using the notorious tech support refund scam strategy to cheat their targets during this scam. They instruct their targets to write down their available bank balance so they can check the refund later. Then they edit the HTML of the bank account page to show a higher amount than it should be.

After that, scammers claim they sent more than they should and demand a refund. In reality, the funds stay the same and users send their hard-earned money to cyber criminals instead. When they complete the transaction and refresh the screen, they learn the reality of the situation, but by then it’s too late.

Besides the above two ways scammers can try to steal you, there are various other ways they can harm you.

  • A scammer can include a downloadable attachment in the malware e-mail masquerading as an official invoice.
  • They can include a phishing link in the email and ask you to click it to cancel the renewal or reverse the purported transaction.
  • Scammers may ask you to provide sensitive information in the email reply.
  • They can hijack your browser and spy on you later.

The list goes on and on…

How to Spot NortonLifeLock Subscription Scam

If you’re not sure if the subscription renewal email is real, ask yourself the following questions:

  • Have you subscribed to the product that the email says will be renewed in 24 hours?
  • Is the email address you used to register with NortonLifeLock the same as the email you received the fraudulent email?
  • Does the email mention your name?
  • Does the renewal date in the email match the date you received it?

If you are not subscribed to a NortonLifeLock product, your name is not listed anywhere in the email, and the email address you receive emails to is different from the one you registered to, it is definitely a scam.

While this should be enough to tell you the email is fake, you’ll likely see other signs of phishing scams to confirm your suspicions. For example, if the address you are receiving the email from is unofficial, the content contains typographical errors, the email conveys a sense of urgency, has phishing links and attachments, or the email asks for sensitive information, then scammers are at work this email campaign.

What should you do if you receive a subscription scam email?

The first thing you should do when you receive a fraudulent email is to check if it is a scam. So keep an eye out for the above signs as you read through.

Do not download attachments or contact the number provided, no matter how official it may seem. Do not click on any suspicious links contained in the email, even if they claim you can cancel your subscription.

Important: If scammers ask for remote access, don’t let them. If the scammers claim that a subscription renewal transaction has already taken place, contact your bank instead of asking the scammers for help.

If you’re still unsure after knowing all the signs, you can contact Norton Support for confirmation. After Norton’s support team confirmed that no such invoice was issued, suggesting that it is a scam, the best course of action would be to ignore the email.

What to do if you fell for the NortonLifeLock subscription renewal email scam?

If you have already called the scammer after receiving the fraudulent NortonLifeLock subscription email or downloading attachments, you should do the following:

  • If you were just talking to the scammer, deny remote access when they ask.
  • If you have given scammers remote access, turn off your internet to prevent scammers from connecting to your computer if they already have the tracker installed. Also, scan your computer for malware and hijacking software before re-enabling your internet connection.
  • Your privacy could be seriously compromised if you have access to your laptop’s webcam. Temporarily turn off your webcam.
  • Scammers can claim to have transferred an additional amount during transaction cancellation and ask you to pay it back. Don’t fall for it.
  • If scammers have gained access to your bank account, contact your bank and ask them to freeze it.

Be smart with NortonLifeLock subscription email scammers

Hopefully you now understand how the NortonLifeLock subscription email scam works. You should be able to spot the scam and avoid it with our tips. But you’re not the only person who might fall for it, so make sure to let your parents, grandparents, friends, and other family members know about these scams as well.

Leave a Reply

Your email address will not be published. Required fields are marked *