New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Rogue Affiliates Run Antivirus Scams

Rogue affiliates are sending emails to antivirus software customers that falsely claim that the customer’s subscription is expiring in order to trick them into updating their subscription early. Security software affiliates are third-party sites that send visitors to antivirus software companies to earn a commission if a sale is made. Legitimate companies that offer affiliate programs have strict guidelines on how to promote their software and prohibit misleading and false advertising. BleepingComputer became aware of scam emails this week that tell recipients that their Norton and McAfee antivirus software is expiring that day and prompting them to renew their license. The scam emails contain language such as “WARNING: Antivirus Can Expire” or “Your Protection Can Expire TODAY!” and include a link that sends them through the affiliate’s link, then redirects to the legitimate antivirus software company to earn a commission for the affiliate if the customer pays for the software.

Analyst Notes

This scam involves false claims that antivirus software is about to expire, but many other email scams attempt to trick recipients into clicking a link or visiting a website for more dangerous purposes, with the goal of stealing passwords or downloading malware onto the victim’s computer. All such email from unknown senders should be treated with suspicion. Most legitimate antivirus software companies will notify their clients of expiration dates through the software installed on the computer, but some also send emails to clients as reminders to renew. Recipients of email notifications to renew software should first verify that they have the antivirus software that the email claims. Open the antivirus application to check the expiration date. If it is expiring, go to the software vendor’s website directly to renew the subscription, rather than clicking any links in the email.

To read more: