Experienced possible insider-phishing attempt after online chat with Norton Support


Issue abstract: Experienced possible insider-phishing attempt after online chat with Norton Support

Detailed description: This morning (10/21/2025) I participated in an online chat with a Norton CSR regarding my subscription auto-renew. After chatting with the CSR, WITHIN AN HOUR, I received an attempted phishing attack email from “Norton Services”. I cannot even begin to recall the last time I received a Norton phishing email, let alone one SPECIFICALLY incorporating the subscription renewal context! This phishing email was VERY specific to a 1-year subscription renewal, and attempted to goad me into calling the included number by quoting an absurdly high renewal rate, and “inviting” me to directly contact “our support team within 24 hours at +1-###-###-####”, if I “have any questions about your renewal or wish to request a refund”. The mere fact that an actual phone number was included would have set off alarm bells, let alone the offer to issue a refund!

So, in short, the fact that I had just spoken with Norton ABOUT my subscription renewal leads me to believe either the CSR’s machine/system is compromised, OR the CSR themself is an insider threat.

As I believe this is a potentially serious, possible security breach, I would like to know who I should escalate this issue to.

Thank you very much!

Sometimes, you may receive emails from scammers claiming to be from Norton. If you receive suspicious emails that look like they are from us, forward them as an attachment to spam@norton.com.

  • Verify that an email you receive from Norton is legitimate here
  • Norton email scams: Answers to Your Frequently Asked Questions (FAQs) here
  • Report a spam or scam email to Norton here
  • Keep an eye out for Norton email scams here

Learn what to do if you received a suspicious phone call, email, or mail here

Norton Lifelock Renewal Email Scam – What You Need To Know here
Don’t Get Duped by the Fake Norton 360 Renewal Invoice Scam here

Contact Norton Support
Contact Gen

Hi bjm,

Thanks for your response.

However, it wasn’t the mere fact of receiving a phishing attempt purporting to be from Norton…It was obvious to me that it wasn’t from Norton. It was the fact that:

A. That I received a Norton phishing attempt after just chatting with a CSR. AND having not received a Norton phishing attempt in so long, that I can’t even remember the last time I received one.

B. I received it so QUICKLY after chatting with Norton.

C. That the context of the phishing attempt was for EXACTLY the SAME reason that I had JUST chatted with the Norton CSR about.

I get phishing attempts all the time, and I don’t give them a second thought. But in THIS case, I’m saying that the “coincidence” of receiving a Norton phishing attempt for EXACTLY the same context I had just chatted with Norton about, AND so soon after chatting with them, in my mind, is just about impossible to be totally random.

Again, I appreciate your response.

Learn what to do if you received a suspicious phone call, email, or mail here
Contact Norton Support - 800-745-6061 - 800-745-6034
Contact Gen

Right…I was just trying to clarify why my issue wasn’t just the run-of-the-mill concern about receiving a suspicious email (which I would’ve completely ignored if that were the case).

Thanks for the contact info.

I will try reaching out, and I hope that Norton takes this seriously…But if not, oh well.

Thanks again

Am I Wasting My Time Reporting Scam and Spam Emails?
https://www.youtube.com/watch?v=0T8ngbXH_fE

Well, my hope is that they’ll treat this instance as more of a potential internal security/insider threat-type issue, rather than as a typical random phishing/spam incident.

Appreciate the link.

Was your original “subscription auto-renew” issue resolved?
Do you still have the “phishing email”?
Care to share with me (via private message) the email particulars…a screenshot, email from: address…email phone number?

I’ve read similar user reports…before…user contacts Norton support…user receives scam-spam emails/phone calls afterwards. Community usual comments were…that the user must not have been talking with legit Norton support. That the user had reached “support” via a browser search.

I’ve done legit business…before…that seemingly caused me to receive scam-spam emails/phone calls afterwards.

  • Phishing, estimated 3.4 billion spam emails sent every day.
  • Scam calls, average 2.56 billion robocalls per month in the U.S.

~ rogue off-shore support contractor/employee = sure…it’s possible ~

Users (me) are reluctant to allow Norton (anyone) remote access.

I imagine Gen/Norton monitors Norton support chats/calls/remote sessions.
Let’s hope Gen/Norton monitors Norton support chats/calls/remote sessions.

Norton’s ubiquitous caveat: No one can prevent all cybercrime or identity theft.

Norton Lifelock Renewal Email Scam – What You Need To Know here
Don’t Get Duped by the Fake Norton 360 Renewal Invoice Scam here

Read more about scam safety

Was your original “subscription auto-renew” issue resolved?

Based on the CSR’s responses and chat outcome, it appeared that the issue was resolved. The CSR indicated that they had taken the necessary steps to resolve the issue, and that it could take up to 7 business days to be reflected on my card…Which I will be monitoring closely!

Do you still have the “phishing email”?

Yes

Users (me) are reluctant to allow Norton (anyone) remote access.

As am I. I will not let ANYONE remote into my machine!

Care to share with me (via private message) the email particulars…a screenshot, email from: address…email phone number?

I’ll be happy to! I’m new to this forum, so I will attempt to in-box an image of the email to you. If that’s not possible, please let me know how to PM you.

Let’s hope Gen/Norton monitors Norton support chats/calls/remote sessions.

That would be my hope as well. I think chat-monitoring would be an excellent use case for AI. In THIS instance, since nothing untoward was said in the chat itself, monitoring would at least allow Norton to connect the actual CSR to the “coincidental” attempted phishing attack.

Norton’s ubiquitous caveat: No one can prevent all cybercrime or identity theft.

Yep of course, typical corporate cya. Hopefully, if there are enough instances of potential insider-enabled spam/phishing attacks, they will at the very least re-evaluate their internal security policies. Or ideally, perhaps even reconsider the practice of off-shoring support…Nah, who am I kidding!

[EDIT: I’ve just read in the community “user guide”, that I’m too new (trust-level 0, I presume), to PM you. Perhaps if you send me a PM, I can then respond with the copy of the phishing email…Thanks!]

PM sent
You’re ahead of me…Forum Help pages are Oops! That page doesn’t exist or is private.


Thanks for posting…Hopefully others will be on the lookout for emails like this after speaking or chatting with Norton support.


BTW, I received a notification this morning, from my card issuer that the expected transaction as promised by the Norton CSR, did in fact occur.

So we can definitely rule out Norton CSR “impersonation” as a potential factor. 🙂

Curious, do you recall other browser tabs open when you were chatting with Norton support?

Maybe, run Norton full scan & Malwarebytes threat scan?

How to install and run a scan with Malwarebytes
https://malwaretips.com/blogs/run-a-scan-with-malwarebytes/

Yes, multiple chrome windows and tabs within each.

I have run a full Malware scan within the last few months, and the full Norton scan earlier this year. I received no “hits” from either.

I will run the Malware full scan today, and the Norton scan overnight today or tomorrow after restarting.

Thanks


Hmm…sounds like a lot of exposure.
Chrome Safe Browsing - Enhanced protection or Standard protection?
Third party cookies allowed or blocked?
Care to share your Chrome extensions?

Me: Yes, multiple chrome windows and tabs within each (were open during chat session).

You: Hmm…sounds like a lot of exposure.

Sure, if a system is compromised, but my Norton full-system scan has been running for almost 16hrs and has scanned ALL system/app files (C Drive), and so far, no hits. Specifically, what do you mean by “exposure” in this context?

Chrome Safe Browsing - Enhanced protection or Standard protection?

I don’t use Chrome Safe Browsing. It’s too “paranoid” and blocks too many legit sites, and generates too many false positives. I am an IT professional myself, so I’m very conscientious about browsing and emails, and exercise an extremely high level of caution with regards to both…I think this thread is a good indication of how seriously I take system security. 😉

Third party cookies allowed or blocked?

Blocked

Care to share your Chrome extensions?

Adblock Plus
Malwarebytes Browser Guard
Google Docs Offline
Google Drawing - disabled
Bitmoji - disabled

Yep, that’s it 🙂

16hrs - wow! - large drive
“exposure” to net nasties

Oh okay. Thanks for sharing.

Presuming, you’re not allowing “acceptable ads” and you’re not duplicating ads blocker filters.

Okay…I was trying to imagine a scenario where your email address was “exposed” and the phishing email was a coincidence. Just me.

Hopefully, Norton monitors support sessions.
I’m trying to imagine …“insider-phishing attempt”…to what benefit for that CSR. Just me.

Regards w Respect

16hrs - wow! - large drive

Yeah, I actually have partitioned into multiple drives, two of which are over 1TB!

Presuming, you’re not allowing “acceptable ads” and you’re not duplicating ads blocker filters.

I block everything, EXCEPT when a news site article I REALLY want to read “insists” that I allow ADs. Then, I will enable ADs for ONLY the page I’m trying to read. Most times, it appears sites are only detecting one or the other (MalwareBytes/ Adblock), so oftentimes, I only have to enable ADS on only ONE of them, while the other continues to block the site’s ADs. 😆

Okay…I was trying to imagine a scenario where your email address was “exposed” and the phishing email was a coincidence. Just me.

Oh, my email address is on the Dark Web…Been there for years! lol. But like I said, if I hadn’t JUST talked to Norton about renewal, I would’ve completely ignored the scam email. In my mind, the odds just seem too high for it to have just been a coincidence.

Hopefully, Norton monitors support sessions.
I’m trying to imagine …“insider-phishing attempt”…to what benefit for that CSR. Just me.

Unfortunately, even if they do, I don’t believe there would be any indication of “collusion” by a CSR. For example, if the CSR texted my email address and the context of the support chat to an external scammer, there’d really be no way for Norton to become aware of such activity, unless they had a mechanism of reporting potential “insider” threats (which they definitely don’t!), from which they could connect specific CSRs to scam attempts through timing and context information provided by the customer.

I suppose the only benefit would be potentially a share of any “proceeds” generated by a successful ransom attack or ID theft, as a result of passing on a “lead” to external bad actors.

Regards w Respect

Backatcha friend! I appreciate your feedback and the info/links you provided!

[EDIT]

I only have to enable ADS on only ONE of them

I only have to DISABLE ADS blocking on only ONE of them
