A dangerous phishing scam has emerged targeting PayPal users through a fake email invoice. Scammers are sending emails with the subject “Invoice from Norton Antivirus LLC” claiming users owe $399 for a Norton purchase. The email provides a fraudulent phone number and tells recipients to call for any issues. However, the number connects to scammers posing as PayPal support to steal financial and personal information. This scam is rampant and fooling many unsuspecting victims. Read on to understand how the scam works, what to do if you are targeted, and how to stay safe from PayPal phishing attempts.
Scam Overview
This scam starts with an email claiming to be an invoice from Norton Antivirus LLC for $399 for a fake Norton purchase made through PayPal. The email provides a phone number and instructs recipients to call for any issues.
However, the email and invoice are fraudulent. The scammers’ goal is to get victims to call the number so they can pretend to be PayPal support. They use various tactics to gain remote access to victims’ computers and steal financial information.
Once on the phone, the scammers may say the charge was an error and they want to refund the money. But first they need to confirm some details and access the computer to process the refund. The scammers direct victims to a website or application that allows remote control of the computer.
With access, the scammers can steal stored passwords and financial information. They may also install malware that allows them to continue spying on victims.
In addition to remote access, the scammers may use other tricks like:
- Asking for credit card numbers to process a refund or a fee for their “support services”
- Tricking victims into installing fake antivirus software that infects the computer
- Getting victims to log into their online banking accounts so the scammers can watch them enter credentials
- Directing users to fraudulent websites cloned to look like PayPal to harvest account logins
- Convincing victims to buy worthless or overpriced tech support plans and software utilities
This scam starts with a simple phishing email but can balloon into extensive identity theft and financial fraud if victims engage with the scammers. The phone call often opens the door to major damage through stolen account access, remote computer control, and social engineering.
How the PayPal Norton Scam Works
This is a step-by-step breakdown of how the scam unfolds:
The Phishing Email
The scam starts with an email sent to thousands of potential victims. The subject line is “Invoice from Norton Antivirus LLC.” The sender name also shows Norton Antivirus LLC.
The email body claims the recipient paid $399 to Norton LLC through PayPal for a purchase made that day. It provides the phone number 888-279-2416 to call for any issues.
The email may include the PayPal logo and colors to appear more legitimate. However, it is sent from a spoofed email address, not from PayPal.
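The traits described above can be checked automatically during mail triage. The following is an added example, not part of the original article: the function name, the trusted-domain allowlist, and both sample messages are constructed for illustration, while the subject line, amount, and phone number are the ones quoted in the article.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Indicators quoted in the article; the allowlist below is an assumption.
SUBJECT = "invoice from norton antivirus llc"
SCAM_NUMBER = "8882792416"
TRUSTED_DOMAINS = {"paypal.com"}
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?(\d{3})\)?[\s.-]?(\d{3})[\s.-]?(\d{4})")

def triage(raw_message: str) -> list[str]:
    """Return which of the article's indicators appear in one raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    if SUBJECT in (msg["Subject"] or "").lower():
        findings.append("subject")
    # A brand name in the display name with a non-PayPal sender domain.
    display, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    trusted = domain in TRUSTED_DOMAINS or domain.endswith(
        tuple("." + d for d in TRUSTED_DOMAINS))
    if not trusted and re.search(r"norton|paypal", display, re.I):
        findings.append("brand-in-display-name")
    # A callback number in the body is the hook of this scam.
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    numbers = {"".join(m) for m in PHONE_RE.findall(body)}
    if SCAM_NUMBER in numbers:
        findings.append("known-callback-number")
    elif numbers:
        findings.append("callback-number")
    if re.search(r"\$\s?399(?:\.00)?\b", body):
        findings.append("amount")
    return findings

# Constructed sample messages (not real mail).
SCAM = """\
From: Norton Antivirus LLC <billing@invoices.example>
Subject: Invoice from Norton Antivirus LLC

You paid $399.00 to Norton LLC through PayPal today.
If you did not authorize this, call 888-279-2416.
"""
BENIGN = """\
From: PayPal <service@paypal.com>
Subject: Receipt for your payment

You sent $12.50 to Example Shop.
"""

if __name__ == "__main__":
    print(triage(SCAM), triage(BENIGN))
```

A From domain that matches the allowlist proves nothing by itself, because the header can be forged; treat a clean result as "no indicators found", not as proof the message is genuine.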
The Initial Scam Phone Call
When victims call the number, the scammers answer the phone posing as PayPal customer support agents. They ask for information like name, email address, and partial account number to build trust.
The scammers apologize for the erroneous Norton charge and claim they need to cancel the invoice and refund the money. But first they must “verify the account” before processing the refund.
Gaining Remote Computer Access
The scammers direct victims to a website and instruct them to download a remote access tool. This allows the scammer to control the victim’s computer remotely.
They may say they need to connect to process the refund or make sure no other suspicious activity is occurring. But this access allows them to spy on victims.
The scammers may also direct users to log into their online bank accounts while watching the credentials entered.
Stealing Personal and Financial Information
With remote access, the scammers can now search the computer for sensitive information such as:
- Saved passwords, financial documents, tax returns
- PayPal session cookies, account numbers
- Online banking usernames and passwords
- Credit card numbers, CVV codes, expiration dates
- Social Security Numbers, driver’s license numbers
- Passport numbers, birth certificates
The scammers may also install keylogging malware to continue harvesting data after the call.
Charging Fraudulent Fees
In addition to stealing information, the scammers may charge victims money in various ways:
- Asking for credit card information to collect a fee for the refund or tech support services
- Tricking the victim into buying fake antivirus software, worthless subscriptions, or overpriced computer tune-ups
- Having victims log into online banking to make wire transfers to accounts controlled by the scammers
- Leveraging remote access to transfer money out of online bank accounts
Further Fraudulent Activity
With the sensitive details obtained, the scammers may:
- Access and drain the victim’s PayPal account
- Take over other online accounts by resetting passwords
- Open fraudulent credit cards or bank accounts to steal money
- File fake tax returns and collect refunds in the victim’s name
- Damage the victim’s credit and commit wider identity theft
Just one phone call gives the scammers enough access and information to inflict huge financial and identity theft damages.
What to Do If You Receive the Scam Email
If you receive an email claiming to be a PayPal invoice from Norton Antivirus LLC, do not call the provided phone number. Here are the steps to take:
- Forward the scam email as an attachment to phishing@paypal.com to report it. PayPal tracks these scams and works with authorities.
- Do not reply to the email, click any links within it, or call the number. These actions confirm to scammers that they have reached an active target.
- Check your PayPal account history to identify any unauthorized activity. Log in directly through the PayPal website or mobile app.
- Change your PayPal password if you feel your account may be compromised. Avoid reusing old passwords.
- Review connected payment sources like bank accounts or credit cards for unauthorized charges. Contact institutions to dispute fraudulent activity.
- Place an initial fraud alert on your credit through one of the three credit bureaus. This flags potential identity theft issues.
- Monitor your credit reports and financial accounts closely for signs of misuse of your information.
What to Do If You Already Called the Scammers
If you already called these scammers and provided personal or financial details, take these steps immediately:
- Contact PayPal to inform them your account is compromised. Reset your password or close the account if unauthorized activity occurred.
- Change passwords on any other financial accounts that used the same login credentials.
- Work with your bank and credit card company to freeze accounts, dispute charges, and issue new cards.
- Place an extended fraud alert on your credit, which locks your reports from new accounts for 7 years.
- Monitor all your financial accounts and credit reports for fraudulent activity. Check reports from Equifax, Experian and TransUnion.
- Consider filing an identity theft report with the FTC and your local police station. This aids recovery efforts.
- Contact the IRS to discuss potential identity theft if scammers have your SSN and date of birth.
- If you suspect your device is infected with malware, you should run a scan with Malwarebytes Anti-Malware.
Recovering from Identity Theft
If scammers steal and abuse your personal information, undoing the damage can be complex. Key steps include:
- Filing a complaint with the FTC to activate an Identity Theft Report.
- Placing a credit freeze with all three credit bureaus to restrict access to your credit reports.
- Contacting affected financial institutions and government agencies to report fraudulent activity. Provide an Identity Theft Report.
- Closing newly opened fraudulent accounts and correcting false information added to your reports.
- Responding to all contacts promptly to resolve identity theft issues before they multiply.
- Using the FTC sample letter templates to dispute unauthorized debts or credit issues.
- Being patient and persistent to clear up your credit and accounts. It can be a lengthy process.
10 FAQs About the PayPal Norton Scam
1. Will Norton actually invoice me via PayPal?
No. Legitimate Norton purchases and renewals happen directly through Norton.com, not via PayPal invoices. Norton will never threaten suspension or send a random PayPal bill.
2. Does PayPal call customers about invoice issues?
No. PayPal does not make outbound calls about account issues. Any call claiming to be PayPal support related to an invoice is a scam.
3. Can PayPal see the scam email I received?
No. PayPal cannot see emails that were sent to you directly by scammers. Forward the scam email as an attachment to phishing@paypal.com so they have a copy.
4. What details should I never share over the phone?
Never share your PayPal password, credit card numbers, bank account details, SSN, or other personal info with an unsolicited caller claiming to be PayPal. Real PayPal staff will never ask for these details.
5. If I paid the fake Norton invoice, can PayPal refund me?
Unfortunately, PayPal cannot refund money lost to scams conducted outside their platform. If you paid a scam invoice via bank transfer, you need to work with your bank to attempt recovery.
6. Can I tell if my account was accessed by calling PayPal?
Yes. Contact PayPal directly through their official customer service lines. They can review activity on your account and help you identify unauthorized access or charges.
7. Should I change my PayPal password if I suspect a scam?
Yes, immediately. Even if you did not divulge your password, you should reset it if you have reason to believe your account security was compromised.
8. How long does it take to resolve identity theft issues?
It takes an average of 200 hours of work over 7 months to undo identity theft damage, according to the Identity Theft Resource Center. It requires persistence.
9. Can PayPal compensate me if I lost money to a scam?
Unfortunately, PayPal does not cover money lost due to providing sensitive account information to scammers. Your bank may be able to help recover stolen funds.
10. Where can I learn more about PayPal phishing scams?
PayPal provides excellent resources about identifying and avoiding current phishing scams at their Security Center: www.paypal.com/us/smarthelp/article/how-can-i-tell-if-an-email-requesting-information-is-legitimate-faq3176.
In Summary…
The “Invoice from Norton Antivirus LLC” phishing scam targeting PayPal users is deceiving victims into surrendering account access and sensitive personal data. If you receive this scam email, report it to PayPal immediately. Do not call the provided number or reply to the email. Check your account for unauthorized activity and reset your password. With caution, awareness, and swift action, PayPal users can avoid being scammed and protect their identities.