Smells Like Phish: Symantec’s Update Norton Internet Security Email

I examined an email message that encouraged the recepient to update to the latest version of the Norton Internet Security tool. The message looked like a classic phish, complete with the “Update Now” button that pointed to a URL that had “symantec” in it:…

A boring old phish, you say? Well, I think this note was actually sent by Symantec. According to Whois, is registered to Symantec, and the URL redirected to another Symantec domain

Dear Symantec communications folks:

  • When communicating with customers, please don’t encourage them to download software in response to email messages. Instead, consider explaining to them how to use the auto-update functionality of the software to perform the upgrade.
  • If including links in your message, please point directly to a domain, avoiding the use of domains similar to those that phishers might use when impersonating Symantec.


Lenny Zeltser


About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He builds innovative endpoint defense solutions as VP of Products at Minerva Labs. In a previous role, he was responsible for security product management at NCR Corp. Lenny also trains incident response and digital forensics professionals at SANS Institute. He frequently speaks at industry events, writes articles and has co-authored books. Lenny has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

Learn more