WARNING: Beware Of Spam Emails From Norton And MacAfee

Summary: This concise blog discusses cyber security related to antivirus phishing. Learn how cybercriminals impersonate antivirus providers to scam users into clicking on malicious links. If you have additional questions about email phishing scams, contact DIGIGUARD CYBER SECURITY at 833-33-CYBER (833-332-9237) or visit www.DIGIGUARDsecurity.com to schedule a phishing assessment.

In discussions about IT security phishing, we have often warned readers to “think before they click.” Hackers count on the impulsivity of users to trick them into clicking on email spoofs designed to steal credentials and other private data by pretending to be from trusted sources. As a general cyber security rule, users should beware of any email asking for personal data or encouraging them to click on an embedded link. Unfortunately, the cyberattacking techniques have advanced and so have the lures for prompting impulsive clicks.

Imagine getting an email allegedly from Norton Antivirus warning you, “Your account is about to expire. Click this link to renew your cyber protection agreement before your computer is under cyberattack?” If you panic and react to the warning without checking its source first, you could unknowingly click on a malicious link and launch an attack. Furthermore, suppose you get such an email from a provider you don’t use, telling you that your account is expiring or that your antivirus subscription has been renewed. In that case, that email should be deleted along with any attached links it might have. Your constant diligence and scrutinizing of emails before clicking on any attachments or links is the first line of defense against being hacked by a phishing email. In addition, some phishing emails pretending to be from a legitimate cyber security provider will encourage the user to call a phone number to speak to a representative about their account. The bad actor, on the other end of the call, will use several manipulative tactics to further the nefarious goals of the scam:

• Requesting your credit card information to renew your subscription
• Prompting you to let them connect remotely to your system to analyze why your account hadn’t been renewed
• Creating an urgent situation to encourage you to buy something else from them

Do not make the call. If you wish to speak with a live representative, the best way to validate the provider's legitimacy is to look up their number yourself. It is well worth your time.

Do Not Allow Access To Your Computer System

It is worth noting that legitimate IT security services might request permission to access your computer to evaluate any problem you might be having. However, you should never allow access if you are not 100% sure you are dealing with a trusted company. Remember, once cybercriminals are granted access, they can steal all kinds of sensitive company or personal data, including passwords and browsing data. Also, sharing access allows cyber thieves to plant many types of malware (ransomware, adware, spyware and other attacks) directly into your computer.

Ironically, IT security phishing is used to panic users into impulsivity using the threat of their systems being left without IT security. Because most people have antivirus programs installed on their PCs, this scam is particularly interesting to scammers because the target landscape is so expansive.

All the major antivirus software companies, such as Norton, McAfee and Kaspersky, have extensive online forums to help users avoid email spoofs and answer any questions they might have.

How Can I Tell If The Email Is Fake?

As good as cybercriminals have gotten at phishing emails, there are a few telltale signs of and actions to prevent IT security phishing:

• Misspelling and Grammatical Errors – Sometimes, the body text of a fake email will have awkward phrasings, misspellings and grammatical errors. If it doesn’t feel right when you read it, it probably isn’t from a trusted source. Also, subtle yet intentional misspellings of domain names are very common in email spoofs. For example, it is easy to miss that “support@qmail.com” is not the same as “support@gmail.com.” Substitution of a “q” for the “g” in gmail could be easily overlooked, especially if you’re under time constraints.
• Hover Over Embedded Links Before Clicking – Hovering over a link with your cursor will reveal the actual domain related to the link. Examine it closely to ensure it is legitimate. Hovering is a precaution that takes only a few seconds to execute.
• Checking Any Phone Numbers Before Calling – As mentioned earlier, resist the temptation to call the phone numbers in emails without first checking to see if they are from a trusted source is vital. Not responding to phishing emails stops the hack in its tracks.
• Going Directly To Your Antivirus Provider’s Website – When in doubt about any information contained within a suspicious email, find and go to the provider’s website through your own search or browser entry.

Cyber Risk Management

Businesses and individual users must develop their own meticulous best practices in handling emails and avoiding phishing scams. Ongoing cyber education is essential to recognizing and preventing phishing scams by endowing users with a heightened awareness of cyber risks and their role in preventing cyberattacks. Establishing simple email-handling protocols will help you and your company avoid deadly IT phishing scams.