Invoice 1236 Has been Renewed Successfully.

NOTE: Here’s a new type of phishing scam – the auto-renewal email. This one claims to be renewing a service you never purchased. The following is an example from a sender claiming to be from Norton. A couple of things to note here:

  • Domestic companies don’t include “USD” in the amount request
  • After doing a quick Google search, we discovered the phone number stated in the email is stolen
  • Nothing in the email or on the invoice is personalized

These are all red flags!

The entire point of this message is to get you to call in and verify your information, which will undoubtedly allow them to steal it. The call attempt will likely route you to a scammer who will try to sell you worthless services or worse, attempt to get you to do a screen share with them, which will allow them to install malware on your machine. Don’t do any of this!
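The three red flags listed above can be checked mechanically when triaging a reported message. The following Python is an added example, not part of the original post: the sample message, its addresses and its phone number are constructed, and the regexes and flag names are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modeled on the phish described above; not the real message.
SAMPLE = """\
From: Norton Billing <billing@example.test>
To: Jane Doe <jane.doe@example.org>
Subject: Invoice 1236 Has been Renewed Successfully.

Dear Customer,
Your subscription has been renewed. Amount charged: 349.99 USD.
If you did not authorize this charge, call +1 (555) 010-0142 within 24 hours.
"""

AMOUNT = r"\d[\d,]*(?:\.\d{2})?"
USD_AMOUNT = re.compile(rf"\bUSD\s*\$?\s*{AMOUNT}|{AMOUNT}\s*USD\b", re.I)
PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
CALL_VERB = re.compile(r"\b(?:call|dial|phone)\b", re.I)


def body_text(msg):
    """Decode and join every text/plain part of the message."""
    return "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_type() == "text/plain")


def red_flags(raw):
    """Return the red flags from the post that this message exhibits."""
    msg = message_from_string(raw)
    body = body_text(msg)
    name, addr = parseaddr(msg.get("To", ""))
    # Words a personalized message would be expected to contain:
    # the recipient's display name and the local part of their address.
    tokens = [t for t in re.split(r"[\s.@_-]+", f"{name} {addr.split('@')[0]}") if len(t) > 2]
    flags = []
    if USD_AMOUNT.search(body):
        flags.append("usd_amount")
    if PHONE.search(body) and CALL_VERB.search(body):
        flags.append("call_to_action_phone")
    if not any(re.search(rf"\b{re.escape(t)}\b", body, re.I) for t in tokens):
        flags.append("not_personalized")
    return flags


if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

Each flag on its own is weak evidence; a message that trips all three, as the sample does, is worth routing for manual review.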

Let’s take a closer look at this phish:


When we Google searched the phone number (***-***-4711), we discovered it belongs (belonged?) to a thermostatic shower valves company. Upon further review of said company, we noticed their Twitter account hasn’t been updated since 2015. Whatever the case, their number was stolen and used in this phish.

Here’s the message body:

Phish: Norton Subscription Renewal

Like in the message body, the invoice has no personalized information. It’s all blank.

Here’s the attachment:

Phish: Norton Subscription Renewal

Author: Phish Archiver

I publish examples of phishing emails for reference to help you identify spam/scam emails. If you found this phish or one similar in your inbox, be sure not to click on any links within it and proceed to delete/report it.
