Headers
From Norton Account Sun Jun 2 11:05:02 2013
X-Apparently-To: xxxx@btinternet.com via 188.125.85.246; Sun, 02 Jun 2013 10:05:10 +0000
Return-Path: <antivirusstores@gmail.com>
X-YahooFilteredBulk: 74.125.82.68
Received-SPF: pass (domain of gmail.com designates 74.125.82.68 as permitted sender)
X-YMailISG: 7G1OLEwWLDtO3tKZcEdPOPuVH8mBzNvGvfrwLjQKlThCwZLk
kDcfEetc_DimjOtEYBkK1xmvlo5uotANZ5aonPMU_1pIAI6Z6_WjlaZjl61J
UneiyGgrj0.q.Lq06ykgejZ2YRBQmyuNqwz35UZ4J2pqwmyX7FsrAwiUsuNm
uZObp6BCmZbG79a47s.LWJS0.iD.pC7xZRuww5r8lcLSCrR4iZt3GlpINSiF
Uj8QhJHPMwVPRiJrXfhqIWdDgk7G6Mtt2paYP45yptnUqShzD0wWMfGWhn7o
pXZjtVcYOct05TrpWQXxgv3rAsbI3IU2NPHMkiTNl98UhaeRG2KZCF2kf20q
Jg6ShBy5biWIjHvGIlwPmAuNARjE1yvR_Cdo_eGS80N06NZHQxhv_gdAzWSr
OiqNtgn2d9YR_kZJgEbPwPVkl6hD.dsCxtV1Qd32dsy7bVIRqKJrq4cq4gcq
f46G.MVr1kgefLjIhangmLoTqxDGcpuXxyZJ.KqAdKmI87.MJJzau3ZRWVz4
4FhmPge_e_ydLCy1jXFJULNuIcmo_AUP6FjpSB3VQYiSbmSOpHrR7JN8M6sW
R8ytJ1JEP2o0a9tPpmMRDRRVx01FovQMtfs.qhvaNa2d8VkBJMoXj2DLvsSg
RDNnB3Z9oVW4NtK7gfzehZa_G7ZJ_Jm_uMeDo_614UaHeeI1uHtmTt2xys4W
ysnpRFjgIOVT8hU2kIUKhMUcaVxq_45OytP8WJdLLIJfz74WcvG4W4y5A2CS
ZvXhKxHbdO.EV6Fqi4KdEOExGbQvYbdSfZ51.RAqyE8BU7Wr6diynflmuha3
PRhoO08kero7Jwa6l3b3T0ezsFJXzp8dgwqNVTzSFaFLPsHgYHLFO__FFYaW
PMnEA3U49VmYXKF2fj8XDpiKgmqQFZkHqiyKD7cIkqePFESY9P8RDOLGr_U5
rS66aXuxY92Xh1KQeFGZNo9gsiuDDhCkv7_5ASemXgxey7EzIirBvPx7NzVi
zCFRwCEXRob4n.1bm.VKdFtKUs4Ce5Lv9GcEsVDB3wt3gIJWFIm94oF1FTr0
6bUmcxVIsNumlJLu3wPsvUh5Xu1ponw.j8fPACyyjo4_FuCuP2zhTG8U1TEY
vNaGi4Me6DOvHOu8xg_Zc0RcohFnR50KZzuxGfPTLf2MFHLH8yPqaazlDBtV
I2BPeu4q2KB_c4NerQf3JgoI9.bRvhGc_qCeoX0tz92mIyTcHjKs9LXjjTw_
HoHwlA6R8V8GRRYr5xDIQiIXJuERirTk.XuVK64e9QOuGlnYriA3TBwtXPgO
c4r8MP31WmS6npkljHc4QFC8npswKaKVIBuwKjxI9PPO7eV8GlcaZTSUiVMX
LSTE6itxKe4NUjILInv3y8g7ImNLF979zxg-
X-Originating-IP: [74.125.82.68]
Authentication-Results: mta1006.bt.mail.ird.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO mail-wg0-f68.google.com) (74.125.82.68)
by mta1006.bt.mail.ird.yahoo.com with SMTP; Sun, 02 Jun 2013 10:05:10 +0000
Received: by mail-wg0-f68.google.com with SMTP id n12so762709wgh.3
for <xxxx@btinternet.com>; Sun, 02 Jun 2013 03:05:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=sender:mime-version:from:reply-to:to:subject:content-type:x-mailer
:date:message-id:list-unsubscribe;
bh=1fOWoq2WLi05WATGo5iV7cdunaZisGeDAvp2gaXJVVE=;
b=YADikY7FTBhqRDuZ3yjBLutjUZAE3KEQFhLELwvuNZnCaetidpHHeEJa/v6q3NQgL9
BKNYRhCaQDoMbX6q4ikujsNNk6Z/AWpjB2sQXoO+9XhMjyG1MvXD7Nmj3XAfs6hSmpPY
Vny/abmtnmXPeZIVMMy+z7JKS79IcqkboZrDsewmzQd8PHdEZb/PSVljscgd/jzGjZ8A
iWfz5OW78gnW/RluAA1WoWGNmMb9fZEnDf56gNm/DyPj+PmsyW8nnIEOT+ddUwiG92wl
+IrKdK7SihjOOv7mSNhlt67M9fdUa1GKsKBuOYIe6o77EaMzyAVqPgFOzyHSqetj8Gs2
pVWw==
X-Received: by 10.180.9.7 with SMTP id v7mr8975240wia.61.1370167509992;
Sun, 02 Jun 2013 03:05:09 -0700 (PDT)
Return-Path: <antivirusstores@gmail.com>
Received: from 84-235-91-30.saudi.net.sa ([84.235.91.30])
by mx.google.com with ESMTPSA id m3sm15480963wij.5.2013.06.02.03.05.07
for <xxx@btinternet.com>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Sun, 02 Jun 2013 03:05:09 -0700 (PDT)
Sender: Norton Renewals <antivirusstores@gmail.com>
Return-Path: subscriptions@norton-renewal.com
MIME-Version: 1.0
From: Norton Account <subscriptionoffer@norton-renewal.com>
Reply-To: subscriptions@norton-renewal.com
To: Norton Subscriber <xxxx@btinternet.com>
Subject: Caution: Norton protection won't be renewed automatically!
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_5505_3DB217EE.15A75B9F"
X-Mailer: Smart_Send_2_0_138
Date: Sun, 2 Jun 2013 13:05:02 +0300
Message-ID: <45283721431842431423830@JohnClark>
List-Unsubscribe: <mailto:?subject=Unsubscribe>
Content-Length: 24654
Hi Sunil
I deleted the email- the headers are above.
The gist of the email was that Automatic Norton Renewal would not happen and that I should click the link to make it happen. Standard phishing ploy.
I reported a similar attempt a couple of months ago.
Cheers
John
Sunil,
Here is what the previous email said. The latest one was similar if not the same.
.......................................................................
The following message came yesterday claiming that Automatic Renewal had been disabled. I noted the return address is @gmail. Is this a genuine Norton message or not? Message contents and full headers follow.
Message content
Dear Norton Subscriber,
This is to inform you that Automatic Renewal service for your Norton subscription has been disabled. As such, Symantec will not automatically renew your
subscription and will not charge your credit card. At expiration your computer may be vulnerable to dangerous online threats unless you renew Norton subscription.
Hence you are requested to purchase the Norton Renewal from Norton Renewal Center.
We are glad to inform you that you have been nominated for Christmas Renewal offer. With this limited offer you are eligible to get 6 months of free subscription
with 2-Year Norton Renewal and 2 months of free subscription with 1-Year Norton Renewal.
To renew or extend your Norton subscription with the Christmas Renewal Offer please reply to this email with the code 'NYNRO1Y2M' for 1-Year Renewal or
'NYNRO2Y6M' for 2-Years Renewal. You can also reply to this email by clicking on the link given below. You will be contacted soon with more details.
Sincerely,
Norton Renewal Support
Thank you for choosing Norton
Headers
From Norton Account Sun Jun 2 11:05:02 2013
X-Apparently-To: xxxx@btinternet.com via 188.125.85.246; Sun, 02 Jun 2013 10:05:10 +0000
Return-Path: <antivirusstores@gmail.com>
X-YahooFilteredBulk: 74.125.82.68
Received-SPF: pass (domain of gmail.com designates 74.125.82.68 as permitted sender)
X-YMailISG: 7G1OLEwWLDtO3tKZcEdPOPuVH8mBzNvGvfrwLjQKlThCwZLk
kDcfEetc_DimjOtEYBkK1xmvlo5uotANZ5aonPMU_1pIAI6Z6_WjlaZjl61J
UneiyGgrj0.q.Lq06ykgejZ2YRBQmyuNqwz35UZ4J2pqwmyX7FsrAwiUsuNm
uZObp6BCmZbG79a47s.LWJS0.iD.pC7xZRuww5r8lcLSCrR4iZt3GlpINSiF
Uj8QhJHPMwVPRiJrXfhqIWdDgk7G6Mtt2paYP45yptnUqShzD0wWMfGWhn7o
pXZjtVcYOct05TrpWQXxgv3rAsbI3IU2NPHMkiTNl98UhaeRG2KZCF2kf20q
Jg6ShBy5biWIjHvGIlwPmAuNARjE1yvR_Cdo_eGS80N06NZHQxhv_gdAzWSr
OiqNtgn2d9YR_kZJgEbPwPVkl6hD.dsCxtV1Qd32dsy7bVIRqKJrq4cq4gcq
f46G.MVr1kgefLjIhangmLoTqxDGcpuXxyZJ.KqAdKmI87.MJJzau3ZRWVz4
4FhmPge_e_ydLCy1jXFJULNuIcmo_AUP6FjpSB3VQYiSbmSOpHrR7JN8M6sW
R8ytJ1JEP2o0a9tPpmMRDRRVx01FovQMtfs.qhvaNa2d8VkBJMoXj2DLvsSg
RDNnB3Z9oVW4NtK7gfzehZa_G7ZJ_Jm_uMeDo_614UaHeeI1uHtmTt2xys4W
ysnpRFjgIOVT8hU2kIUKhMUcaVxq_45OytP8WJdLLIJfz74WcvG4W4y5A2CS
ZvXhKxHbdO.EV6Fqi4KdEOExGbQvYbdSfZ51.RAqyE8BU7Wr6diynflmuha3
PRhoO08kero7Jwa6l3b3T0ezsFJXzp8dgwqNVTzSFaFLPsHgYHLFO__FFYaW
PMnEA3U49VmYXKF2fj8XDpiKgmqQFZkHqiyKD7cIkqePFESY9P8RDOLGr_U5
rS66aXuxY92Xh1KQeFGZNo9gsiuDDhCkv7_5ASemXgxey7EzIirBvPx7NzVi
zCFRwCEXRob4n.1bm.VKdFtKUs4Ce5Lv9GcEsVDB3wt3gIJWFIm94oF1FTr0
6bUmcxVIsNumlJLu3wPsvUh5Xu1ponw.j8fPACyyjo4_FuCuP2zhTG8U1TEY
vNaGi4Me6DOvHOu8xg_Zc0RcohFnR50KZzuxGfPTLf2MFHLH8yPqaazlDBtV
I2BPeu4q2KB_c4NerQf3JgoI9.bRvhGc_qCeoX0tz92mIyTcHjKs9LXjjTw_
HoHwlA6R8V8GRRYr5xDIQiIXJuERirTk.XuVK64e9QOuGlnYriA3TBwtXPgO
c4r8MP31WmS6npkljHc4QFC8npswKaKVIBuwKjxI9PPO7eV8GlcaZTSUiVMX
LSTE6itxKe4NUjILInv3y8g7ImNLF979zxg-
X-Originating-IP: [74.125.82.68]
Authentication-Results: mta1006.bt.mail.ird.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO mail-wg0-f68.google.com) (74.125.82.68)
by mta1006.bt.mail.ird.yahoo.com with SMTP; Sun, 02 Jun 2013 10:05:10 +0000
Received: by mail-wg0-f68.google.com with SMTP id n12so762709wgh.3
for <xxxx@btinternet.com>; Sun, 02 Jun 2013 03:05:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=sender:mime-version:from:reply-to:to:subject:content-type:x-mailer
:date:message-id:list-unsubscribe;
bh=1fOWoq2WLi05WATGo5iV7cdunaZisGeDAvp2gaXJVVE=;
b=YADikY7FTBhqRDuZ3yjBLutjUZAE3KEQFhLELwvuNZnCaetidpHHeEJa/v6q3NQgL9
BKNYRhCaQDoMbX6q4ikujsNNk6Z/AWpjB2sQXoO+9XhMjyG1MvXD7Nmj3XAfs6hSmpPY
Vny/abmtnmXPeZIVMMy+z7JKS79IcqkboZrDsewmzQd8PHdEZb/PSVljscgd/jzGjZ8A
iWfz5OW78gnW/RluAA1WoWGNmMb9fZEnDf56gNm/DyPj+PmsyW8nnIEOT+ddUwiG92wl
+IrKdK7SihjOOv7mSNhlt67M9fdUa1GKsKBuOYIe6o77EaMzyAVqPgFOzyHSqetj8Gs2
pVWw==
X-Received: by 10.180.9.7 with SMTP id v7mr8975240wia.61.1370167509992;
Sun, 02 Jun 2013 03:05:09 -0700 (PDT)
Return-Path: <antivirusstores@gmail.com>
Received: from 84-235-91-30.saudi.net.sa ([84.235.91.30])
by mx.google.com with ESMTPSA id m3sm15480963wij.5.2013.06.02.03.05.07
for <xxx@btinternet.com>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Sun, 02 Jun 2013 03:05:09 -0700 (PDT)
Sender: Norton Renewals <antivirusstores@gmail.com>
Return-Path: subscriptions@norton-renewal.com
MIME-Version: 1.0
From: Norton Account <subscriptionoffer@norton-renewal.com>
Reply-To: subscriptions@norton-renewal.com
To: Norton Subscriber <xxxx@btinternet.com>
Subject: Caution: Norton protection won't be renewed automatically!
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_5505_3DB217EE.15A75B9F"
X-Mailer: Smart_Send_2_0_138
Date: Sun, 2 Jun 2013 13:05:02 +0300
Message-ID: <45283721431842431423830@JohnClark>
List-Unsubscribe: <mailto:?subject=Unsubscribe>
Content-Length: 24654
See attachments for Phishing message content and full headers.