geekhack Community > Other Geeky Stuff

Is Norton Lifelock real or a scam

(1/3) > >>

The first I heard from "Norton Lifelock" was an e-mail notification that my subscription would auto renew - I don't have a subscription so flagged it as spam and thought no more of it.

A couple of days later I got another e-mail, then another, then another and finally today one that has my name in it.  Not that impressive as any human could see it in my e-mail address, but enough that I searched for Norton Lifelock scam and found this page all about scams with an absurdly long list of domains "official" domains unsolicited e-mails could come from.  All have come from domains on this list.  I then followed the link to "manage my account" and chose forgot password and sure enough I got an e-mail to change my password.

Next step search for "Norton Antivirus" which I know is real.  The site looks the same, there's no mention of "Lifelock" anywhere in the products page but in my NoScript list it is mentioned.  The company details and issuer on the SSL certificates also match.

Does anyone know if Norton Lifelock actually exist or is this just an elaborate scam?  I can't help wondering if it's related to the e-mails I've been getting for years from Australian universities asking me to cover lectures at short notice (which I have always ignored!)

Back in the pre-Windows days of DOS, Norton Utilities was amazing and I crowed about its value to anybody who was curious.

I probably used it for a while after Windows came around, but it had lost a lot of its luster. And it seemed to have become bloated and hogged resources, so I ditched it in the early-2000s and have generally ignored it ever since.

It is particularly ironic and disappointing when anti-malware products become magnets for the garbage that they are supposedly protecting against.

Norton Lifelock is what Symantec (parent company of Norton) rebranded itself to.

That said, this sort of email could be a fishing scam and why companies initially* moved to 2 factor authentication (2FA). They send tons of emails, you click the link to log in and fail, they now have an email and password you've used in the past, possibly with that company, they can then use those credentials to log into that site, or better still, use a pass through.  They did this to one of the first banks to implement 2FA claiming it was foolproof, I believe it was Bank of America (BofA). How it worked was you went to a scam site/domain linked in the email which loaded BofA in the background and you put your credentials into the fake site which put them into BofA, including the 2fa code you entered and told you it failed, running you in circles while it drained your account. This is why you never click email links before logging in, ESPECIALLY IF YOU USE Microsoft products (F-U Microsoft for hiding extensions and links you incompetent morons!), go to the website you know is the right one then log in.

*2FA can work if used properly but it rarely actually is, in reality it's nearly useless and mostly a scam.
Not only are many companies are using it for data harvesting under the guide or security, but if you are using a phone to log in, and they send you 2FA key to said phone you just destroyed the whole point of having a 2nd factor. The second factor needs to be a secondary system completely disconnected from the first in order to actually work. Worse still, why in god's name would you use the device you log in with and the most easily stolen thing you posses being used as your 2 factor?

And have you ever lost your phone and had to rest your 2FA on an account, what an absolute nightmare. I had an update that wiped my phone (it had an issue), to reset my 2FA on a bank account they wanted to place a 2 week(!) hold on my money. Luckily I had a secondary "key" to bypass the 2fa and reset it without a 2 week wait but not all companies do this. When i created those keys I forgot I even had them and had to get with support before I even realized I had them at all since the account was so old.

Some companies also lead you in circles, you can't change email without a 2fa, but you can't create a 2fa without a working email on the account, so if you rejected using 2fa your account was effectively screwed if you lost access to that email account.  This happened to me with a gaming account.


--- Quote from: Leslieann on Sat, 11 December 2021, 14:53:29 ---Norton Lifelock is what Symantec (parent company of Norton) rebranded itself to.
--- End quote ---
Thanks, that makes sense.  Seems they cheaped out and didn't change the logo (or I'm looking at fake sites...)

The fishing scam was my first thought and why I ignored it but I'm all the more confused that the password reset request on what I believe to be the real site (found via search not a link in the e-mail) worked.  I have not clicked the link in that e-mail either as I haven't used Norton for 15 years and it was never on this account but they sent it.

I do nothing important on my phone (when it works) so it's a reasonable 2FA, just texted codes so loosing it wouldn't be that fatal as I'd just get a new sim.  I may be dragged into the modern world where phones rule life but will resist as long as possible.

I moved (back) to a new (old) city in a different state last year and got a new cell phone with a local number.

Boy-O did that ever slam doors on me when I went back to accounts or sites that I hadn't visited in a while.


[0] Message Index

[#] Next page

Go to full version