When they're not baiting you with promises of naked pictures of sex tapes or the immediate need to reset your password — or else face the most dire of consequences — phishers and identity thieves occasionally change up their approach, as seen in a new round of phony emails supposedly from the trusted security firm Symantec.
The emails, titled "Norton Important Alert," inform the recipients that, "Your e-mail address was successfully upgraded with the latest Norton Anti-Virus update." According to the Sophos researchers who spotted the scam, the message, which purports to be from Symantec@Norton.com, instructs you to "immediately" sign in to your email account to activate the supposed security software. Seems like Symantec is doing you a favor, right?
Following the embedded link to do so, however, takes gullible victims to another Web page that looks like — but isn't — an official AOL login page. Here's where the trouble starts.
[What Is Phishing and How Can I Fight It?]
"This email claims to be from Norton, but it takes me to an AOL login screen?" Sophos' Joshua Long wrote. As Long explains, this is one of several glaring examples of things just not adding up.
"An AOL login screen hosted on what appears to be a hacked domain instead of at aol.com? On an unencrypted connection instead of over HTTPS? This seems more than a little suspicious."
"And what exactly does it mean for an 'email address [to be] upgraded with the latest [anti-virus] update' anyway?" he added.
The lesson to be learned here is never enter your email address and password on a Web page that looks suspicious, one you were redirected to, or one you were taken to from a link in an unsolicited email. Always check to make sure your browser shows an encrypted connection anytime you hand over any important personal information, such as passwords or bank account details, and make sure you keep your legitimate anti-virus software updated to weed out threats like these.