We are currently seeing a high volume of payment and subscription scams. The scam messages include a fake receipt from a known and legitimate company.  The emails encourage recipients to call a number or click a link to cancel the payment and engage with the scammers. Their goal is to steal recipient money or data.

Indicators of Phishing

• From an email address not affiliated with the purported business or service.
• Makes a false statement about a charge to a debit card or other transaction and encourages contact to correct the error.
• Subjects like: “PAYMENT DONE,” “Invoice Number”, “Receipt Number”, or “Bill no.” followed by a string of letters and numbers, often between two # symbols.. Caps may be used to indicate urgency.
• Spelling errors and typos in the message.
• Suspicious and unexpected.

What to do if you receive one of these:

• Do not reply, click the link(s), call the phone number, or login (if you do click the link).
• Report it as Spam to Google.
• Forward the notice to [email protected].
• Check your bank statement to confirm whether the charges are real or not. 
• For more information, please see: How to Manage Spam Emails 

Example:

From: robert lor <[email protected]>
Subject: PAYMENT DONE______________NYR7755269R
Date: September 9, 2021 at 10:31:42 AM CDT
To: [email protected]

___OUR valued consumer___

thank you for your purchase through NORTON . this email that is to inform you your annual subscription with Norton is RENEWED .

Here is an overview of your recent purchase :-

PRODUCT INFO
invoice no :- NYR7755269R
ORDER date :- 09/09/2021
PAYMENT method : - auto – debited

VALUE :- $321.67

to upgrade /cancel your subscription , PLEASE contact our customer service at
+1 (810)-(515)-(7954)

Thank you,
Norton billing support