I examined an email message that encouraged the recipient to update to the latest version of the Norton Internet Security tool. The message looked like a classic phish, complete with the “Update Now” button that pointed to a URL that had “symantec” in it: http://response.nortonfromsymantec.com/servlet/cc6?kPuHglLJQTU…
A boring old phish, you say? Well, I think this note was actually sent by Symantec. According to Whois, nortonfromsymantec.com is registered to Symantec, and the URL redirected to another Symantec domain, norton.com.
Dear Symantec communications folks:
- When communicating with customers, please don’t encourage them to download software in response to email messages. Instead, consider explaining to them how to use the auto-update functionality of the software to perform the upgrade.
- If including links in your message, please point directly to a symantec.com domain, avoiding the use of domains similar to those that phishers might use when impersonating Symantec.
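The difference between a link on symantec.com and a link whose host merely contains the brand name can be checked mechanically, for example in a sender's pre-send review or a mail filter. The sketch below is an added example, not part of the original post or any Symantec tooling; the allowlist, keyword list, function names and sample HTML are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only domain treated as official, per the recommendation above.
OFFICIAL_DOMAINS = {"symantec.com"}
# Assumption: brand strings whose presence in an unofficial host is suspicious.
BRAND_KEYWORDS = ("symantec", "norton")

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def classify_host(host):
    """Return 'official', 'brand-lookalike' or 'unrelated' for a hostname."""
    host = host.lower().rstrip(".")
    for domain in OFFICIAL_DOMAINS:
        # Match only on a label boundary: 'notsymantec.com' must not pass.
        if host == domain or host.endswith("." + domain):
            return "official"
    # Brand name embedded in a host that is not under an official domain.
    if any(keyword in host for keyword in BRAND_KEYWORDS):
        return "brand-lookalike"
    return "unrelated"


def audit_links(html):
    """Extract href targets from an HTML body and classify each host."""
    results = []
    for url in HREF_RE.findall(html):
        host = urlsplit(url).hostname or ""
        results.append((host, classify_host(host)))
    return results


# Constructed sample message body; the first host is the one from the post.
SAMPLE_EMAIL = """
<p>A new version is available.</p>
<a href="http://response.nortonfromsymantec.com/servlet/cc6">Update Now</a>
<a href="https://www.symantec.com/support">Support</a>
<a href="https://example.org/unsubscribe">Unsubscribe</a>
"""

if __name__ == "__main__":
    for host, verdict in audit_links(SAMPLE_EMAIL):
        print(f"{verdict:16} {host}")
```

A Whois lookup can still show that a flagged domain belongs to the brand owner, as it did here; the check only reports what a recipient can see in the link itself.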