/ Scams

Phishing alert: fake McAfee and Norton Antivirus emails

A familiar phishing scam has returned: scammers are trying their luck at convincing people they need to renew antivirus protection they didn’t know they had.

Fake emails posing as McAfee and Norton Antivirus informing people that their subscription is at an end and needs renewing are currently circulating. The emails ask you to click through on links in order to ‘renew the subscriptions’.

We’ve seen copies of both so you know exactly what to watch out for.

Fake McAfee antivirus email

The McAfee renewal phishing email tells people their subscription has expired and that they ‘strongly recommend renewing your McAfee subscription to keep your privacy online and protect your communications.’


Fake Norton Antivirus email

On the other hand, the fake Norton Antivirus email is a bit more canny. Devoid of colour and any official branding, it uses the format of a payment invoice, claiming that your subscription has been automatically renewed and updated. 


This is partly an attempt to trick you into contacting the scammers using the details at the bottom of the email. 

Spotting fake antivirus emails

Luckily, these emails aren’t as sophisticated as others we’ve seen, but they still pose a threat. They’re absent of official logos or branding and are poorly written, making them easier to spot.

The Norton scam email was sent from a personal email address and uses the wrong currency. It also grossly inflates the cost of subscription: it quotes $542.68 (almost £400) – the actual UK cost of Norton 360 protection is £124.99 for an annual subscription.

These emails are trying to convince people that they have these antivirus products and that they need to be renewed to protect your device. They want you to think that your devices are unprotected and vulnerable.

Both McAfee and Norton have dedicated pages on their websites informing people of the potential scam emails out there claiming to be from them. 

When we made Norton aware of the email a spokesperson confirmed that the email did not originate from them, they said:

“NortonLifeLock is a trusted name in consumer Cyber Safety. We encourage consumers to be vigilant and monitor for phishing attempts, where, commonly, cybercriminals attempt to take advantage of the trusted reputation built by companies and public bodies, to try and trick and defraud consumers.

Any NortonLifeLock customer with a concern should contact our customer support teams, while we also provide helpful tips and techniques for identifying and reporting phishing on our website.”

We reached out to McAfee but it did not respond.

Continue to report phishing emails

You can report phishing email attempts to Action Fraud or you can send them on directly to the National Cyber Security Centre at report@phishing.gov.uk

If you think you may have fallen victim to a phishing email, let your bank know what’s happened straight away.

Guide: how to spot a scam

Guide: how to get your money back after a scam

You can also help protect others from scams like this by making us aware of them using our Scams Sharer tool.

Have you received fake subscription renewal emails for antivirus products or other brands? Let us know in the comments.


Luke has provided another example of the danger of clicking on a malicious link that may look genuine because it refers to familiar anti-malware products that some recipients will use.

If I received this type of email I would log into my software, expecting to find information if there is action I should take, such as renewing my subscription.

Now that links in emails and text messages are so often associated with malware and scams I am not convinced that their convenience outweighs the risk.

Is it too much to hope that any device with McAfee or Norton security installed would stop these invaders before they land?

Maureen says:
14 October 2021

The McAfee phishing email is subtly different and potentially even more damaging : the email “spoofs” one’s own email address as sender, so if trying to block these in an iPhone the consequence is to block all emails addressed to you! The other difference is that these come repeatedly into one’s email inbox- I now get these twice a day, presumably working on the principle of wearing down resistance and then clicking on the link in desperation. Does anyone know how to block (on iPhones) these highly aggravating phishing mails, safely? Help!

Martin says:
15 October 2021

I get lots of the McAfee messages. It’s difficult to block the sender as it changes every time and the sender’s email address is gobbledygook anyhow.
We could forward them all onto report@phishing.gov.uk , but I suspect they are overwhelmed already.

Yes I have given up! I now have a folder for the scammers and just move the offending email over. I only delete them once a month. That way they do not know whether your email address is “alive” or not. Once a month I just delete the contents.

John Byrne says:
15 October 2021

I had over a hundred of these over the course of two or three weeks. Started off reporting them and blocking the sender but realised it was pointless as the sending email address was always different. I just wearily deleted them as they appeared and they seemed to have stopped now.

barbara nixon says:
15 October 2021

So glad to see you’ve highlighted McAfee and Norton’s shenanigans, I have been pestered for at least a year or more but on my email I have a blacklist facility, but that never stopped them, but it seems to have given upon me now, thank goodness. But the requests they send can look convincing and I hope not too many fell for it.

These are scam messages, Barbara. Nothing to do with McAfee and Norton.

There is a link at the bottom of these emails to unsubscribe, i have been wary to do this because it asks for your email address ( which they already have or they couldn’t have messaged you in the first place). is it safe to unsubscribe or will this just make things worse, and is there any way to stop them?

Rob C says:
15 October 2021

That’s the particular question I was hoping might be answered when I visited this page (even though, like you, I think I probably know the answer).

I have a similar experience to John Byrne above in that I am now receiving two of these emails a day (as an aside, they seem to be getting more and more unbelievable). As per John’s experience I’m now hoping that at worst, I just have to put up with them for a couple of weeks and then they will cease.

DB: for many years the advice has been NEVER to use the unsubscribe link in spam/phishing emails. Also, never reply to them. By doing either of these things, all that you are doing is to confirm that your email address is valid and in current use.
By doing either of these things you could simply increase the amount of spam you might receive.

Spammers send emails to hundreds of thousands of possible email addresses, they have no idea which ones are valid or still in use.

Tony says:
15 October 2021

As,with many of the comments,I have received numerous emails purporting to be from McAfee & Norton.The sender address differs each time so blocking and/or reporting appears useless.I just delete anything received.

I’ve noticed that the longer these emails continue the more they descend into complete gobbledegook, which suggests that their prime purpose is to get you to click on that “unsubscribe” button. Something to be avoided at all costs, no doubt…

Rob Spencer says:
16 October 2021

Been getting both for months…Block and they comeback under a slightly different email address. I don’t get why once blocked email providers don’t follow up and close them down. Unless of course they are being remunerated by the spammers…

It’s because they fake the originating address which will be different for every message, making them difficult to block. However, they should be able to recognise the content of the email and block accordingly. I strangely haven’t had any recently but used to get them ages ago. DONT CLICK on unsubscribe or reply to them. If you do you could easily run a program that can damage your PC or give away your info. Just delete or mark as Junk.

My husband spoke to Norton recently and mentioned the emails. Norton emphasised that all of us in receipt of the emails should take a very close look at the email address. If it includes “gmail” in the header then it is a scam as all reputable companies have their company name followed by .com or .co.uk. The ones we were getting did have gmail in the header. I do wish these scammers would find something useful to do with their lives!

Not quite true I’m afraid, but yes do check the address of the sender first. Then DONT click on any Links. just move to trash bin or equivalent.

I get loads of these every day, every week and I report them as spam and still get through xx

I have used Norton 360 for several years, and it is £74.99 a year, NOT £124.99 as this article says.

I subscribe to Norton360, it costs £74.99 a year and not £124.99 as claimed in this article. It will not block emails like this, but it does give good general protection against malware embedded in emails or on websites.

Judy H says:
16 October 2021

When you get several MacAfee emails at one time, all from different email addresses you obviously know they are scams.
We have had several scam emails from different people with the same ISP as us, saying our email in box would be deleted if it wasn’t updated All were sent to a secondary email address , not our main one . Our ISP said they were aware of the problem, but they still kept coming for a couple of weeks

I send all phishing emails that I receive to report@phishing.gov.uk . But do not simply “forward” the email using your email program.
Open a new email to report@phishing.gov.uk , and then attach (or Drag&Drop) the suspect email to the new email. Send it like that.
By doing that, it gives Action Fraud the complete server-routing information of the phishing email. If you use the “forward” function, all they can see is the test of the message and the “apparent” sender email address.
If the phishing email is purporting to come from Amazon or Paypal, then I also copy the email to them (using stop-spoofing@amazon.com or spoof@paypal.com ).

I do not expect that Action-Fraud investigate every single email, but with the routing information they can detect trends. At least sending the emails to Action Fraud (or the company fraud departments) it gives them the opportunity to see what is happening.

Aileen Barclay says:
16 October 2021

I have so far received five emails from Norton each time the amount goes up I just send them an email back telling them that they are stealing and quoting bible verses I don’t suppose they read them but it makes me feel better. Why should I be the only one to receive unwanted mail. I obviously have too much time on my hands.

Aileen, by replying, all that you achieve is that they have confirmation that your email address is valid and in current use.

Ray Boyd says:
16 October 2021

Get lots of these and always report them. I had a couple of these spam emails recently and the intended victims were clearly shown in the CC box. There were about 100 email addresses shown.

I have been plagued with these for over a year.I always ignore them.For someone who doesn’t realise these are fake it can be quite daunting. There methods are menacing and threatening and no matter what you do,they just keep on.

Richard Tingey says:
16 October 2021

These scammers are completely pathetic, but they must have some success in conning people otherwise they wouldn’t do it. I can only assume their target market are people who have only just started computing and haven’t read any scamming warnings.