Authorized Symantec reseller scams users into buying security software

Malwarebytes researchers have discovered a new tech support scam that, unlike most, is being perpetrated by an active member of the Symantec Partner Program.

Users are being tricked into visiting a web page sporting a fake warning imitating those shown by Symantec’s Norton AV, and urged to contact tech support via a “support toll free helpline”:

Authorized Symantec reseller scams users into buying security software

Calling the offered phone number will get the victims in touch with a “support technician” that first instructs them to visit a website that will allow him to gain remote control of the computer, and will then open and show them the Windows EventViewer.

“Sadly, Microsoft’s central log and error reporting tool can all too easily be leveraged thanks to those yellow and red warnings, which the majority of the time are perfectly normal. Of course, for a scammer it’s the perfect way of claiming those are infections or viruses,” says Malwarebytes’ Jerome Segura.

The technician has also other tricks up his sleeve to “prove” that the computer is infected, and ultimately offers the victims to install the Norton AV solution and fix the problem for $199, or an even more extensive service for an additional $50 more:


All in all this is a typical tech support scam, and the only thing that makes it stand out is the fact that it seems to be perpetrated by a company that is a current Symantec business partner that’s authorized to sell the company’s products, including maintenance services and support.

“It is a sad state of affairs when tech support scammers are not ashamed of using lies to sell their products and services but also double cross their partners, thereby inflicting brand and reputation damage,” Segura pointed out.

The company – Silurian Tech Support, Inc. – has been reported to Symantec, and its website has been taken down shortly after.


“While we can’t say conclusively who was behind this particular scam, we can confirm that this particular site has been taken down and that we are also in the process of terminating our partner agreement with Silurian,” Symantec told The Register.

“After identifying any abuse of the Norton or Symantec brand, we pursue our rights and defend our intellectual property, and where necessary will work with law enforcement.”