Fake antivirus subscription renewal scare scam — Norton / McAfee / Kaspersky / AVG / Bitdefender impersonation claiming subscription expired and device is unprotected / infected, driving card-harvest renewal or gift-card support call; FTC 2024 top-10 impersonation category

Phishing emails impersonating antivirus and security software brands — Norton, McAfee, Kaspersky, AVG, Avast, Bitdefender, Malwarebytes, Webroot, or Windows Defender — falsely claiming the recipient's subscription has expired and their device is now unprotected, infected with viruses, or actively targeted by hackers. The email drives either a payment-card harvest via a fake renewal link or a gift-card extraction via a "call support now" instruction. Distinct from tech-support remote-access scams (which use pop-ups and phone calls); this category uses email as the primary lure. Key facts: (1) FTC 2024: antivirus renewal scams rank in the top-10 reported impersonation fraud categories; combined with tech-support variants, the FBI IC3 2024 logs $800M+ in related losses annually; (2) The scam exploits the genuine subscription model of real AV products — users know their AV has annual renewals, so the notification feels plausible; (3) Real AV vendors send renewal reminders from their official domains with list-unsubscribe headers, always include the device or account name, and direct users to the official website — never to a phone number or a third-party payment link; (4) Scare language ("your device is unprotected / infected / at risk") that a legitimate AV notification would not use is the clearest signal — real AV software shows protection status in the app, not via alarm emails. Warning signs: non-brand sender domain, subscription-expired threat, device-is-infected scare language, call-support-now instruction, renewal link to a non-official domain.