Let’s say you get an email about a charge to your credit card for something you aren’t expecting or don’t want. Your first instinct may be to immediately call the company or respond to the email and to stop the payment. Scammers know that, and are taking advantage of it in a new phishing scheme.
People tell us they’re getting emails that look like they’re from Norton, a company that sells antivirus and anti-malware software. (Tip: the emails are NOT from Norton.) The emails say you’ve been (or are about to be) charged for a Norton product — maybe an auto renewal or new order. If this is a mistake, the email says, you should call immediately. (Tip: don’t.)
If you call, you’ll be connected to a scammer. Some scammers might ask you to “verify” your credit card information, while others might say they need your password to remote into your computer so they can remove the Norton program. But if you let them, they could install malware, block you from getting to your own files, and sell you worthless services.
If you get an email or text you’re not sure about:
- Don’t click on any links.
- Don’t use the number in the email or text. If you want to call the company that supposedly sent the message, look up their phone number online.
Remember:
- Never give your password to a stranger on the phone, even if they claim to be from a company you recognize.
- If you did give out your password, change it right away, update your computer’s security software, run a scan, and delete anything it identifies as a problem.
- Make your passwords long, strong, and complex.
- Don’t give your bank account, credit card, or personal information over the phone to someone who contacts you out of the blue.
And if you do get a fake email like this, help your community by reporting it to the FTC at ReportFraud.ftc.gov.
It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.