Wednesday, February 9

Damn it, I almost got hacked by a "Norton renewal" trick

Disclaimer: After thinking it over, I don't think it is related to Symantec or Norton.

Disclaimer: I was an employee of Symantec for 5 years.



Here is the story: I found a "Purchase update" email:


And the attached invoice has the Norton letterhead:





and the information:




I am an ex-employee of Symantec security product, and I like this product, and I did subscribe to its service some time in previous years from my own pocket, after I had already left the company. But at this moment I am not using it, and I don't have any intention to use it. I guess I forgot to discontinue the subscription?


Without thinking further, I took out my phone, started dialing the listed number 1-872-234-8154, and talked to the representative. The office sounded crowded because I could hear another representative talking on another line while I was talking to this one. After I told him I had received this email and wanted to unsubscribe from the service and get my money back, he asked for the invoice number and confirmed this transaction had already occurred this morning, but he pleasantly assured me that he would guide me through the process and I would have my money back.

That is a good start.

He confirmed I was in front of a computer, then asked which operating system it was, Windows or MacBook. After getting the answer of Windows, he guided me to press Win+R to open a command line and type in "www.anydesk.com". A browser opened to visit the AnyDesk website. I checked it, and it looked like a normal remote IT help desk platform. So I followed his instructions, downloaded it, and got to the settings to type in a password.

Maybe he was not familiar with the procedure; he made me wait 2 minutes while he was looking for a password for me to type in (to set a password in my client, so that he would be able to connect), so I used this time to google "AnyDesk" and confirm it is a legitimate website.



Yes, he came back with a password "norton1234" for me to type in, and I did so. I remembered doing a similar procedure when I needed IT help from the headquarters office; they would require me to do a similar thing so that they could control my work computer to fix things.


Wait, I don't need Norton to fix anything on my computer. I don't even have the Norton software installed on this computer. Why do they need to control my computer? I am here to ask them to unsubscribe me and get my money back.


Before anything happened, I changed the password in my client from "norton1234" to another password, then I asked him: "Why do you want to control my computer?" He assured me this was the process for getting my money back.


I didn't buy it. I insisted on not letting him control my computer. Even if my computer doesn't have any sensitive data, having it controlled would be a humiliation to me, as a de facto expert in security for all these years. He said this was the only way to get my money back. That is unreasonable! I asked for his manager, and yelled at the manager about him trying to connect to and control my computer, but the manager also said that was the correct way to get my money. I refused to let them connect to my computer, and they refused to return my money. I had to say: "Do you have any other way to complain about this process, or do I have to go to court to get my money back?" The manager simply said: "Yes, you can go to court."


The argument was so heated that my wife in the next room came over to make sure things were still under control.


Anyway, I hung up the phone, having accomplished nothing.


I need to go to the Norton website.


Then I logged into my Norton account and found it said my subscription had expired. Didn't they just charge me $299.99 to renew? Maybe the transaction was completed but the account had not been refreshed with the new info? But why does it say $49.99 to renew? That is fishy...


So I went back to the original "Purchase update" email. The sender is not even from @norton.com. It is from a @gmail.com email address!


Damn, that was a social engineering hack, and I almost fell for it! Had I not reset the password fast enough, the bad guys would have had full control of my computer and done things I don't want to know about! My sense of "not being remote-controlled" saved me!


I don't think AnyDesk is part of this hack, but it is being exploited by the bad guys.