Norton Antivirus Email Scam Warning: Do Not Call the Fake Billing Number
Written by: Thomas Orsolya
Published on:
Norton Antivirus scam emails are fake messages that impersonate Norton, NortonLifeLock, or related security services to scare people into calling a fraudulent phone number, clicking a malicious link, or “canceling” a subscription they never ordered.
These scams usually look like billing notices, renewal alerts, refund confirmations, or urgent account warnings. The goal is not simply to make you believe you bought Norton Antivirus. The real goal is to pull you into a conversation with a scammer who can steal your money, access your computer, or collect sensitive personal information.
Norton itself warns users that scammers may send suspicious emails pretending to be from the company and recommends forwarding suspicious messages as attachments to spam@norton.com. The FTC has also warned about fake Norton billing emails that claim you were charged for a Norton product and urge you to call immediately.
Scam Overview
The Norton Antivirus scam email is one of the most common subscription renewal scams because it exploits a familiar brand name. Norton is widely known for antivirus protection, computer security, identity protection, and online safety products. That familiarity makes the scam feel believable, especially when the email uses official-looking branding, invoice numbers, customer IDs, renewal dates, and large payment amounts.
A typical scam email claims that your Norton Antivirus, Norton 360, NortonLifeLock, or LifeLock subscription has been renewed automatically. The message may say that your account was charged $299, $349, $399, $499, or another amount for a one-year or multi-year plan. In many cases, the victim does not even use Norton, which is exactly why the scam works. The sudden charge creates panic.
The email usually includes a phone number labeled as “billing support,” “refund department,” “cancellation support,” or “customer care.” It may say that you have only 24 hours to dispute the charge. That urgency is intentional. Scammers want you to react before checking your bank account, logging into your official Norton account, or searching for the real Norton support page.
Norton has specifically stated that fake subscription renewal scams have increased, and that identity thieves send fake emails hoping users will click malicious links. Norton recommends sending scam samples as attachments so the company can analyze them properly.
These emails often use subject lines such as:
Norton Antivirus Subscription Renewed
Norton 360 Auto-Renewal Confirmation
Your NortonLifeLock Invoice Is Ready
Payment Successful for Norton Protection
Your Account Has Been Charged
Norton Billing Department: Renewal Notice
Thank You for Your Norton Purchase
Action Required: Cancel Within 24 Hours
Norton Security Order Confirmation
Renewal Invoice Attached
The scam can take several forms. Some emails include a fake invoice PDF. Others place the fake invoice directly in the email body. Some include links to phishing pages. Others avoid links entirely and rely on the victim calling the phone number. That makes the email less likely to be blocked by spam filters.
The most dangerous version is the refund scam. In this version, the email says you were charged for a Norton subscription and must call to cancel or request a refund. Once you call, the scammer pretends to be a support agent. They may ask you to install remote access software, log into your bank account, fill out a fake refund form, or confirm personal details.
From there, the scam can escalate quickly. The criminal may claim they accidentally refunded too much money and pressure you to return the “extra” amount. In reported cases, victims have lost thousands of dollars through fake Norton refund schemes. One 2025 case described by local police involved a fake Norton email that allegedly led a victim to lose more than $49,000 after calling the number in the message.
The scam works because it combines several psychological triggers:
Fear of being charged for something you did not buy
Trust in a recognizable cybersecurity brand
Urgency created by fake cancellation deadlines
Confusion around subscriptions and auto-renewals
Pressure from a fake support agent
Technical intimidation through remote access tools
Embarrassment that prevents some victims from asking for help
A real Norton email may include account or product information, but a legitimate message will not pressure you to call a random number, install remote access software, pay with gift cards, send cryptocurrency, or move money to “protect” your account. Norton also states that official Norton Support is free for current subscribers and that the official support website is support.norton.com.
How the Norton Antivirus Scam Email Works
1. The victim receives a fake Norton invoice
The scam usually begins with an email designed to look like a legitimate invoice or renewal confirmation. The message may use Norton branding, a logo, a fake order number, and a professional-looking layout.
The email often claims:
Your Norton subscription has renewed automatically
Your bank account or card has been charged
Your order is now confirmed
Your account will be debited soon
You have 24 hours to cancel
You must call support if you did not authorize the charge
The email may include a fake product name such as:
Norton Antivirus Plus
Norton 360 Deluxe
Norton 360 Premium
NortonLifeLock Protection
Norton Security Ultimate
LifeLock Identity Protection
Norton Firewall Protection
The amount is usually high enough to cause concern but not so extreme that it immediately feels impossible. Many fake invoices use figures between $299 and $599.
2. The email creates panic with a fake charge
The scam does not need you to believe the charge is real forever. It only needs you to panic for a few minutes.
The message may say something like:
“Your Norton Antivirus subscription has been renewed successfully. Your account has been charged $399.99. If you did not authorize this transaction, call our billing team immediately.”
This is the central trick. The email makes you feel that money has already been taken or is about to be taken. You may rush to call the number before checking whether any charge actually exists.
3. The scammer waits for the victim to call
Unlike many phishing scams that depend on a malicious link, Norton invoice scams often rely on phone calls. This makes them more convincing because the victim feels they are speaking with customer support.
When you call, the scammer may answer with a scripted greeting such as:
“Norton billing department, how may I help you?”
They may ask for the invoice number from the email to make the interaction feel official. Then they may claim they can cancel the subscription or process a refund.
At this point, the scammer is trying to gain control of the conversation. They may speak calmly at first, then become more urgent once they sense hesitation.
4. The victim is asked to install remote access software
In many cases, the fake support agent says they need to “verify your account,” “cancel the renewal from your system,” or “process the refund securely.” To do this, they ask you to install a remote access tool.
They may mention software such as:
AnyDesk
TeamViewer
UltraViewer
Zoho Assist
GoToAssist
ConnectWise
LogMeIn
ScreenConnect
Remote access software is not malicious by itself. Legitimate IT professionals use it every day. But in this scam, it gives the criminal direct control over your computer.
Once connected, the scammer may:
View your screen
Guide you to your online banking account
Steal saved passwords
Access email accounts
Install malware
Move files
Disable security settings
Manipulate what you see on-screen
This is where the scam becomes especially dangerous. A fake billing issue can turn into full account compromise.
5. The scammer uses a fake refund form
After gaining your trust, the scammer may open a fake refund page or form. It may ask for your name, address, phone number, bank name, card details, and refund amount.
In some versions, the scammer tells you to type the refund amount, such as $399.99. Then they manipulate the screen, browser, or HTML code to make it appear that you accidentally received $3,999 or $39,999 instead.
This “over-refund” trick is common in refund scams. The scammer then pretends to panic and says they will lose their job unless you send back the extra money.
The victim is made to feel responsible for a mistake that never happened.
6. The scammer pressures the victim to send money
Once the fake over-refund story begins, the scammer may demand repayment through methods that are hard to reverse.
They may ask for:
Gift cards
Cryptocurrency
Wire transfers
Cash withdrawals
Zelle, Cash App, or Venmo payments
Bitcoin ATM deposits
MoneyGram or Western Union transfers
Mailed cash packages
Bank-to-bank transfers
They may tell you not to speak with your bank, family, or local police because it would “delay the refund” or “trigger legal action.” This is manipulation. Real companies do not ask customers to return accidental refunds through gift cards, crypto, or cash.
7. The scammer may steal more than money
Even if you do not send money, the scammer may still collect valuable information during the call.
They may obtain:
Full name
Home address
Phone number
Email address
Banking institution
Partial card details
Account login credentials
Social Security number
Identity documents
Remote access to your computer
Saved browser passwords
Email account access
This information can be used for identity theft, account takeover, future phishing attempts, or resale to other criminals.
8. The victim may be targeted again
Once a victim engages with a Norton scam email, scammers may keep targeting them. They may send follow-up messages pretending to be:
Norton refund agents
Bank fraud departments
Government investigators
Recovery specialists
Crypto recovery firms
Law enforcement officers
Tech support agents
These are secondary scams. The criminals know the victim has already responded once, so they try again with a new story.
Common Red Flags in Norton Antivirus Scam Emails
A Norton scam email can look polished, but there are usually warning signs.
Watch for these red flags:
The email claims you were charged for a Norton product you never ordered
The sender address does not match an official Norton domain
The message uses generic greetings like “Dear Customer”
The invoice contains strange formatting or grammar errors
The amount is unusually high
The email pressures you to call within 24 hours
The cancellation number appears only inside the email or PDF
The message asks you to call instead of logging into your official account
The email includes an attachment you were not expecting
The link leads to a suspicious website
The support agent asks for remote access
You are told to log into your bank while on the call
You are asked to pay by gift card, crypto, wire transfer, or cash
You are told not to tell anyone
Norton provides a page for verifying whether an email is legitimate and lists legitimate Norton domains users can check against suspicious messages.
Examples of Norton Scam Email Wording
Below are examples of wording commonly used in this type of scam. These are not legitimate Norton messages.
Fake Renewal Invoice Example
Subject: Norton Antivirus Renewal Confirmation
Dear Customer,
Thank you for choosing Norton Antivirus Protection. Your annual subscription has been renewed successfully.
If you did not authorize this transaction, please call our billing department immediately at the number below.
Customer Support: [fake phone number]
Thank you, Norton Billing Team
Fake Cancellation Email Example
Subject: Your Norton Subscription Has Been Activated
Your NortonLifeLock subscription has been activated for another 3 years. The amount of $499.99 will appear on your account within 24 hours.
If you wish to cancel this order, contact our cancellation department immediately.
Cancellation Desk: [fake phone number]
Failure to contact us within 24 hours will result in successful payment processing.
Fake Refund Email Example
Subject: Norton Refund Request Approved
Your refund request for Norton Antivirus has been approved. To complete the refund process, contact our refund department.
Refund Amount: $349.99 Case ID: NR-492810 Support Line: [fake phone number]
Please keep your invoice number ready.
What To Do If You Received a Norton Scam Email
If you received a suspicious Norton email but did not click anything or call the number, the safest response is simple:
Do not call the number in the email.
Do not click links or open attachments.
Check your bank or card account directly, not through the email.
Log into your Norton account only through the official website.
Forward the suspicious email as an attachment to Norton at spam@norton.com.
Delete the email after reporting it.
Norton says suspicious emails that appear to come from Norton can be forwarded as attachments to spam@norton.com. Norton also provides reporting instructions for scam emails involving LifeLock at spam@lifelock.com.
What To Do If You Called the Number
If you called the number but did not share information, install software, or send money, end contact immediately. Do not answer follow-up calls.
Then:
Block the phone number.
Delete the email.
Monitor your accounts for suspicious activity.
Change your email password if you gave any personal details.
Be alert for follow-up scams.
If the scammer convinced you to install remote access software, take stronger action.
What To Do If You Installed Remote Access Software
If you gave the scammer remote access to your computer:
Disconnect from the internet immediately.
Shut down the computer if the scammer is still connected.
Uninstall the remote access software.
Run a full antivirus and anti-malware scan.
Change passwords from a different, clean device.
Enable two-factor authentication on important accounts.
Check your email forwarding rules and recovery settings.
Contact your bank if you accessed financial accounts during the session.
Consider having a trusted technician inspect the computer.
Do not continue using the same machine for banking until you are confident it is clean.
What To Do If You Lost Money
If you sent money to a Norton Antivirus scammer, act quickly.
1. Contact your bank or card issuer
Call the official number on the back of your card or from your bank’s website. Tell them you were scammed and ask whether the transaction can be blocked, reversed, or disputed.
2. Report gift cards immediately
If you paid with gift cards, contact the gift card company. Provide the card numbers and receipts. Recovery is not guaranteed, but fast reporting gives you the best chance.
3. Report cryptocurrency payments
If you sent cryptocurrency, gather the wallet address, transaction hash, screenshots, and communication records. Crypto transfers are usually irreversible, but the information may help investigators.
4. File a police report
A police report can help with bank disputes, identity theft recovery, and documentation.
5. Report the scam to the FTC
In the U.S., report the scam to the FTC at ReportFraud.ftc.gov. The FTC tracks scam patterns and provides recovery guidance.
6. Preserve evidence
Save:
The scam email
Email headers if possible
Phone numbers used
Screenshots
Receipts
Bank transaction records
Remote access software names
Chat logs
Any names or case numbers the scammer used
7. Watch for recovery scams
After losing money, you may be contacted by people claiming they can recover it for a fee. Be careful. Many “recovery agents” are scammers too.
How To Check If a Norton Email Is Real
Do not rely only on the logo, formatting, or invoice number. Scammers can copy branding easily.
Use this checklist:
Check the sender’s full email address, not just the display name.
Compare the domain with Norton’s official list of legitimate domains.
Do not use phone numbers from suspicious emails.
Do not open unexpected invoice attachments.
Log into your Norton account directly from the official website.
Check your bank account directly for any real charge.
Contact Norton only through official support channels.
Search the exact phone number online; many scam numbers are reported by victims.
A real billing issue should be visible inside your official account or financial statement. If the email claims a charge happened but your bank account shows nothing, it is likely a scam attempt.
Why Norton Is So Often Used in These Scams
Scammers impersonate Norton because the brand is strongly associated with computer protection. That gives the scam credibility.
They also target antivirus subscriptions because many people are familiar with auto-renewals. A fake renewal notice feels plausible, especially to users who may not remember what software they installed years ago.
The scam also targets anxiety. People worry about:
Being charged unexpectedly
Losing access to computer protection
Viruses and hackers
Identity theft
Subscription traps
Refund deadlines
Scammers use those concerns to move victims from email to phone, where manipulation becomes easier.
Is Your Device Infected? Scan for Malware
If your computer or phone is slow, showing unwanted pop-ups, or acting strangely, malware could be the cause. Running a scan with Malwarebytes Anti-Malware Free is one of the most reliable ways to detect and remove harmful software. The free version can identify and clean common infections such as adware, browser hijackers, trojans, and other unwanted programs.
Malwarebytes works on Windows, Mac, and Android devices. Choose your operating system below and follow the steps to scan your device and remove any malware that might be slowing it down.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes
Download the latest version of Malwarebytes for Windows using the official link below. Malwarebytes will scan your computer and remove adware, browser hijackers, and other malicious software for free.
(The above link will open a new page from where you can download Malwarebytes)
Install Malwarebytes
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Once the scan completes, remove all detected threats. Your Windows computer should now be clean and running smoothly again, free of trojans, adware, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
After scanning, delete any detected threats. Your Mac should now be free from adware, unwanted extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
When the scan is finished, remove all detected threats. Your Android phone should now be free of malicious apps, adware, and unwanted browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
After cleaning your device, it’s important to protect it from future infections and annoying pop-ups. We recommend installing an ad blocker such as AdGuard. AdGuard blocks malicious ads, prevents phishing attempts, and stops dangerous redirects, helping you stay safe while browsing online.
The Bottom Line
Norton Antivirus scam emails are not real billing notices. They are phishing and refund scams designed to make you panic, call a fake support number, click a malicious link, or give criminals access to your computer and money.
The safest response is to stop, verify independently, and never use the phone number or link inside the message. Check your bank directly, log into your Norton account through the official website, and report suspicious emails to Norton.
If you already interacted with the scam, act quickly. Disconnect remote access, secure your accounts, contact your bank, preserve evidence, and report the fraud. The faster you respond, the better your chances of limiting the damage.
FAQ
Is the Norton Antivirus renewal email real?
It may be real, but many Norton renewal emails are scams. Do not trust the logo or invoice layout alone. Check your bank account directly and log into your Norton account through the official Norton website, not through links in the email.
Why did I receive a Norton invoice if I never bought Norton?
Scammers send fake Norton invoices in bulk. They do not always know whether you use Norton. The goal is to make you panic about a fake charge and call the scam phone number.
What happens if I call the number in the Norton scam email?
You may reach a fake support agent who claims they can cancel the charge or process a refund. They may ask you to install remote access software, log into your bank, provide personal details, or send money through gift cards, wire transfer, crypto, or payment apps.
Can scammers charge me just because I opened the email?
Usually, no. Simply opening the email does not mean you were charged. The danger starts when you click links, open attachments, call the number, download software, or share information.
What should I do if I clicked a link in a fake Norton email?
Close the page immediately. Do not enter any information. Run a security scan, clear suspicious downloads, and change passwords if you typed login details. If you entered banking or card information, contact your bank right away.
What should I do if I downloaded remote access software?
Disconnect from the internet, uninstall the remote access tool, run a full malware scan, and change important passwords from another clean device. Contact your bank if you opened financial accounts while the scammer was connected.
Where can I report Norton scam emails?
Forward suspicious Norton emails as an attachment to spam@norton.com. You can also report fraud to the FTC at ReportFraud.ftc.gov if you are in the U.S., and to your bank or local cybercrime authority if money or personal information was involved.
How can I tell if a Norton email is fake?
Common signs include a strange sender address, urgent cancellation language, a high invoice amount, grammar errors, suspicious attachments, a phone number inside the email, and instructions to call immediately to stop a charge.
Does Norton ask for payment through gift cards or cryptocurrency?
No. A legitimate company will not ask you to pay, refund, or reverse a billing mistake using gift cards, cryptocurrency, cash deposits, wire transfers, or Bitcoin ATMs.
Can I get my money back after a Norton email scam?
It depends on how you paid and how quickly you act. Contact your bank, card issuer, gift card company, or payment provider immediately. Preserve the email, phone number, receipts, screenshots, and transaction details.
10 Rules to Avoid Online Scams
Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.
Stop and verify before you click, log in, download, or pay.
Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).
If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.
Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.
If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.
Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.
If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.
Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.
If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.
Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.
If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.
Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.
If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.
Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.
If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).
Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.
If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.
Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.
If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.
Move quickly. Speed matters for disputes, account recovery, and limiting damage.
Stop payments and contact: do not send more money or respond to the scammer.
Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
Scan your device: remove suspicious apps or extensions, then run a full malware scan.
Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.
These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
