Nasty spam purporting to be from Norton

I RECEIVED THIS MESSAGE LAST NIIGHT. ALTHOUGH IT GOT INTO MY INBOX AND WAS NOT STOPPED BY MS OUTLOOK OR NORTON INTERNET SECURITY, I SUSPECTED IT BECAUSE I AM A UK SUBSCRIBER PAYING FOR NORTON IN £ STERLING, NOT DOLLARS, AND THE ACTUAL LINKS IN IT DID NOT LOOK FAMILIAR. I WOULD LIKE TO FORWARD IT TO SYMANTEC FOR ATTENTION, BUT SPAMWATCH@SYMANTEC.COM DOESN’T EXIST ANY LONGER. THE EMAIL LOOKS LIKE THIS (BUT ITS GRAPHICS AND LINKS HAVEN’T COME THROUGH IN THIS POST: From: Norton [mailto:norton@nortonfromsymantec.com] Sent: 17 August 2012 21:53 To: .****@btinternet.com Subject: Apology: We accidentally overcharged you Protecting the Stuff that matters.™ To view this message as a web page, click here. Dear Peter, Recently we discovered an error in our billing system that caused you to be overcharged for your Norton subscription. As head of Norton’s online store, I want to apologize and explain what we’re doing to resolve the problem. What happened: Between December 2009 and March 2012, you renewed your Norton subscription through our online store. However, we accidentally billed you $10 more than we should have. This problem affected less than 1% of our customers. Your computer’s protection was not affected in any way. What we’re doing about it: We have extended your Norton subscription for 90 days – 60 days to compensate you for the overcharge, plus an extra 30 days on us. If you are happy with this solution, you don’t need to do anything. For more information: If you would like to arrange for a refund of the overcharged amount, or if you have any other questions about this issue, we’d love to talk with you. You can reach our Customer Service at http://www.norton.com/chat or the numbers provided below. Let the agent know that you received the “overcharge email”. Language Access Country Access number Support Hours English USA & Canada 877 888 7505 24x7 English United Kingdom 44 (0) 20 7616 5600 24x7 English Australia 1800 680 026 24x7 English New Zealand 0800 174 089 24x7 English India 1800 102 4235 / 1800 425 4235 24x7 English Hong Kong 852 2598 1234 24x7 On behalf of the whole team here, thank you for your understanding, and for being a Norton customer. Sincerely, Lenny Alugas Senior Vice President, Worldwide eCommerce Norton Support Legal Information Return Policy Privacy Policy Copyright © 2012 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, and Norton are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Please do not reply to this message. If you require Customer Service or Technical Support, please go to the Symantec Web site for contact information at http://www.symantec.com/. Symantec Corporation, 350 Ellis St., Mountain View, CA 94043, USA NAM_US_EN_AR_BILL_REME_ESTORE_081512

Peter,

 

You are right to check but the chat link is valid and it does give a UK phone number: English United Kingdom 44 (0) 20 7616 5600 24x7 which you will know how to reconfigure for local use since it is in the format for use from outside the UK.

 

I suggest you try this CHAT link and ask them to verify:

 

To contact customer support Click on this link https://www.norton.com/chat  and work on from there.

 

I have queried this with Norton but things are slower at the weekend since the Norton Staff here -- names in red -- all have some down time <s>

Please let us know how you get on .... 

I RECEIVED THIS MESSAGE LAST NIIGHT. ALTHOUGH IT GOT INTO MY INBOX AND WAS NOT STOPPED BY MS OUTLOOK OR NORTON INTERNET SECURITY, I SUSPECTED IT BECAUSE I AM A UK SUBSCRIBER PAYING FOR NORTON IN £ STERLING, NOT DOLLARS, AND THE ACTUAL LINKS IN IT DID NOT LOOK FAMILIAR. I WOULD LIKE TO FORWARD IT TO SYMANTEC FOR ATTENTION, BUT SPAMWATCH@SYMANTEC.COM DOESN’T EXIST ANY LONGER. THE EMAIL LOOKS LIKE THIS (BUT ITS GRAPHICS AND LINKS HAVEN’T COME THROUGH IN THIS POST: From: Norton [mailto:norton@nortonfromsymantec.com] Sent: 17 August 2012 21:53 To: .****@btinternet.com Subject: Apology: We accidentally overcharged you Protecting the Stuff that matters.™ To view this message as a web page, click here. Dear Peter, Recently we discovered an error in our billing system that caused you to be overcharged for your Norton subscription. As head of Norton’s online store, I want to apologize and explain what we’re doing to resolve the problem. What happened: Between December 2009 and March 2012, you renewed your Norton subscription through our online store. However, we accidentally billed you $10 more than we should have. This problem affected less than 1% of our customers. Your computer’s protection was not affected in any way. What we’re doing about it: We have extended your Norton subscription for 90 days – 60 days to compensate you for the overcharge, plus an extra 30 days on us. If you are happy with this solution, you don’t need to do anything. For more information: If you would like to arrange for a refund of the overcharged amount, or if you have any other questions about this issue, we’d love to talk with you. You can reach our Customer Service at http://www.norton.com/chat or the numbers provided below. Let the agent know that you received the “overcharge email”. Language Access Country Access number Support Hours English USA & Canada 877 888 7505 24x7 English United Kingdom 44 (0) 20 7616 5600 24x7 English Australia 1800 680 026 24x7 English New Zealand 0800 174 089 24x7 English India 1800 102 4235 / 1800 425 4235 24x7 English Hong Kong 852 2598 1234 24x7 On behalf of the whole team here, thank you for your understanding, and for being a Norton customer. Sincerely, Lenny Alugas Senior Vice President, Worldwide eCommerce Norton Support Legal Information Return Policy Privacy Policy Copyright © 2012 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, and Norton are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Please do not reply to this message. If you require Customer Service or Technical Support, please go to the Symantec Web site for contact information at http://www.symantec.com/. Symantec Corporation, 350 Ellis St., Mountain View, CA 94043, USA NAM_US_EN_AR_BILL_REME_ESTORE_081512

My biggest doubt is that I don't pay in dollars and last renewed in July 2011 and July 2012.  The suspect email headers are as follows:

 

 

X-Apparently-To:  via 188.125.85.246; Fri, 17 Aug 2012 20:55:35 +0000 Received-SPF: pass (domain of nortonfromsymantec.com designates 12.130.138.126 as permitted sender) X-YMailISG: uI9W_jYWLDs56Bl_CIyhtQ92K7QV4EJDHumKyNacgenitmoM  i6f.fkVpdEKxZ6i.wtuiMDBV2lJPkHDlwod55B74YGKT1fvlt0joAwAtdlSV  VoMOy0rZJh4UMGDVnS_PYMtZW6_e31JC14fLZIPdNfPNJH.OzHXavQXwXpwp  3G2PVTaqjGOr.vB2AKzIlE_Q5e3ILXCEBPcHTBtKsWmYxLvdy4WdiPf_G5O.  bV2cvjzKxFGJ8.uA2Hb_VHOF5ejq.LEPz4xhCIHfWgari2EDyLb2mq7Skx2v  KZNlI3QwpUphfO9YMrzXpXu2UHI7E7gIlzIOhIS9bAKLoDVW7InFTK3AUkzV  WcDXYT4w7.hV1ig.fAffGmZcYUhLORw9uxtduOYEay9hne4Q5XuFgz0LrFgm  LbwvYVGrvIGtGiAyqTERrsjDF9Kc9wSgUCgAmHwfs4WKI4aLS0JMf3Z.TzGd  rPfythi1D8hq5Qukc1EDxrMM3ahVQVkpBVh021MWI8yv4OVPtMXQUcddnu_F  C6Kxis.UCUqtFhcSgSipCBUP0nXZ.zrOuLviBGrf8cWUX5CdQaV_VDf0VkzC  jjigNMwD5MwYwVb8UwmOaQEaupruI1sLYoG6enn3q4x32V3rE_NvL9z55ui.  RoXrfjrYMrNfqxCoEiedVgY1fl9SQ0FR.MIeyMfgOdsyVVZdE09cIK34.OAB  3veWtGOAI9poUPsyIsas7.tUaK3cp_d6rxlSL_CtryMOhdxGDnZF3TmNK8E9  oRvTQmPOgqH.ZKa3o0KcYGh.D0KfjkEdZiTBjcgoDlsASfK5FhYDNRoJxn.V  YUEuEKQksHMiNVIB1vbKWLtR6S4wjNMbtKgmbZyRfpNSc.oxywkJn6t6jIPy  jzmFFiD26QnveR2bfVaHp2sTjh9IEZyJL12HNa1SsSwV8HO2vwM4wNxAhSSx  iLkdcS6fEFzSHF8eEysjwXiXzm2f_v8PLRI_ZuCzqEU1megHMfhmlzC.ETiR  I8tBQdriimcnYTU89yzQk7p9mprBbpCB1QgWCLrJF4lJ2dLrKP4EMtd.rMxd  nL6mGVrU0.FVx1RW5Jui684_.0BGiXT5uEyqqogpL5dEb9hro50HfMmj1FkK  .WRohcxIlrH5Afhzb4w7hTI0B5Z_Tvn61t8Djxl.O4ypKFUqGUcTmE7o0A-- X-Originating-IP: [12.130.138.126] Authentication-Results: mta1002.bt.mail.ird.yahoo.com  from=nortonfromsymantec.com; domainkeys=fail (bad sig);  from=nortonfromsymantec.com; dkim=permerror (bad sig) Received: from 127.0.0.1  (EHLO om-norton-trans.rsys1.com) (12.130.138.126)   by mta1002.bt.mail.ird.yahoo.com with SMTP; Fri, 17 Aug 2012 20:55:35 +0000 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=symantec; d=nortonfromsymantec.com;  h=MIME-Version:Content-Type:Date:From:Reply-To:Subject:To:Message-ID; i=norton@nortonfromsymantec.com;  bh=ULK+VAnVK14QO+3td1gIlJyZ4mU=;  b=eLRKL0gBATz4/V7A/iSjqn0/9ofvbonDZ2DNNVpjcwdJlLpeS6qHSEj86XqPqPCSQjODp0B1iopv    hgZCacXSog== DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=symantec; d=nortonfromsymantec.com;  b=c1hIuezoSHXjlccZd5VrUOEr65jy72OrdqgJg4J54ZPuvdk39u3zm8dy/glmT7vGIfzNtaG1qG4G    YI1sbQ+PLw==; Received: by om-norton-trans.rsys1.com (PowerMTA(TM) v3.5r17) id h5qnse0morci for <removed>; Fri, 17 Aug 2012 13:53:16 -0700 (envelope-from <norton@nortonfromsymantec.com>) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----msg_border" Date: Fri, 17 Aug 2012 13:53:16 -0700 From: "Norton" <norton@nortonfromsymantec.com> Reply-To: "Norton" <reply@nortonfromsymantec.com> Subject: Apology: We accidentally overcharged you X-cid: symantec.5666.1 X-sgxh1: iLlLjQzbmHjjLttxIlpglLjgLlQJhu To: X-valueof-PSN: HK76949JDVBD X-valueof-COUNTRY_ISO: GB Message-ID: <0.1.A1.534.1CD7CBA52EF1DCC.0@om-norton-trans.rsys1.com> X-Brightmail-Tracker: AAAAAQAAAlk=

 

If I haven't been spoofed, how come Norton thinks it owes me $10?

 

Peter

 

[ Edit : Removed email address ]

Have you contacted CHAT yet? They should bve able to tell you whether it is a spoof or not.

 

Here in the forums we are users helping users and we don't have access to purchasing data as they do. In fact we don't have access to any of your data <g>

 

As others have said, the URLs are valid as they appear in your copy/pastes

 

So please help all of us and check with Support -- you can do that via the CHAT link that uses your computer keyboard and they have a reputation for being quick and helpful.

I have opened live chat case ID   04507197  and received the reply "We value your business.   Unfortunately none of our Representatives are available at this time due to high traffic levels OR you have reached us outside our normal hours of business.  Please continue to browse our site and feel free to use our self-serve options.  Thank you!"

 

I understand this to mean "come back later".  If I leave the window open , can I hope that eventually someone will spot that I need help and email me to actually start chatting.  I assume it's just after 3 am at Norton HQ, but it's not very useful for a world organisation to operate on line only when the sun is shining at their end.

 

Is there a valid Norton email address to which I can forward the suspect email while they are not at work.  I tried spamwatch@symantec.com on Friday, but had it bounced back as that doesn't exist now.

"

Sorry you did not get anywhere -- maybe the UK CHAT observes weekends so it might be worth trying again today.

 

Here's my link:

 

To contact customer support Click on this link https://www.norton.com/chat  and work on from there. 
 

I've nudged Norton here in the forums.

I have finally managed to start a chat session, and Suraj of Norton Support has examined the email headers and told me that it is a genuine email from Norton.  Thanks to Hugh for his help; sorry to have wasted his time.

 

 

How weird. I just came off a chat session with someone called Miracle, who told me I was the victim of a bogus email scam

 

Not wasted at all ... glad you got through and sorted it out .... do let us know when you get your $10 <s>


mmod wrote:

How weird. I just came off a chat session with someone called Miracle, who told me I was the victim of a bogus email scam

 


Was the text identical to the one that Peter Q posted in his first message?

 

There are a lot about so that's why it is best to check. If you have any residual doubts go online to CHAT again and ask.

 

Please let us know ....

Yes, exactly the same.

I also called the hotline in the UK, they wanted my bank details, which is bizarre given they would have had my credit card details already from my subscription to give me $10 credit.


mmod wrote:

 

Yes, exactly the same.

 

I also called the hotline in the UK, they wanted my bank details, which is bizarre given they would have had my credit card details already from my subscription to give me $10 credit.



That sounds so much like a scam [as does the name Miracle (!) ] .... can you please confirm the phone number you called and give it again.

mmod, can you forward me the email you received? My email address is listed on my profile. Symantec won't ask for your bank details, which is why this sounds like it might be a scam. Thanks.