Cybercriminals have developed a new phishing campaign that abuses the trusted brand of cybersecurity company Avast to steal sensitive financial information. The scheme relies on a fake website that convincingly mimics Avast’s official portal to trick users into providing their credit card details.
Deceptive Tactics Used in Phishing
The fraudulent website is meticulously designed to resemble the legitimate Avast site, using official logos and color schemes to establish credibility instantly. Victims are shown a fictitious transaction of €499.99 and pushed toward urgent action by a misleading cancellation deadline of 72 hours, while the page also states that transactions older than 48 hours are irreversible. Users anxious about the financial loss often miss this contradiction.
The attackers enhance the site’s authenticity by embedding the real Avast logo from the company’s content delivery network. The fixed transaction amount appears realistic for a software subscription, urging users to act quickly.
Technical Aspects of the Scam
Malwarebytes researchers have discovered that the scam utilizes dynamic JavaScript to insert the current date into the fake transaction record, making the fraudulent charge seem recent. This technique is designed to maximize the shock value for unsuspecting visitors, whether they are actual Avast customers, former subscribers, or individuals concerned about potential identity theft.
Because no authentication is required to proceed to the data collection forms, the campaign’s broad target audience also includes opportunists attempting to claim non-existent refunds.
Data Collection and User Manipulation
The scam’s technical framework efficiently validates and exfiltrates user data while simulating a support interaction. Once victims provide their contact information, they are prompted to enter their full credit card details, which are verified using the Luhn algorithm to ensure validity before being sent via a POST request.
A live chat feature is also embedded, allowing attackers to interact with hesitant users and encourage them to complete the form. After the data is stolen, users are redirected to a confirmation page, which misleads them further by suggesting that they remove security tools that could alert them to the fraud.
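For analysts triaging a reported page, the traits described above can be checked together. The sketch below is an added example, not code from Malwarebytes or from the campaign. It assumes the card check and date insertion run in inline page script, and `brand.example`, the other hostnames, the indicator names and both sample pages are constructed placeholders.

```javascript
// Assumption: domains the impersonated vendor really controls (placeholder value).
const BRAND_HOSTS = ['brand.example'];
const isBrandHost = h => BRAND_HOSTS.some(b => h === b || h.endsWith('.' + b));

// Return the names of the indicators found in `html` as served from `pageUrl`.
function triagePage(pageUrl, html) {
  const hits = [];
  const scripts = [...html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)]
    .map(m => m[1]).join('\n');
  // 1. Brand image loaded from the vendor's hosts while the page lives elsewhere.
  const hotlinked = [...html.matchAll(/<img\b[^>]*\bsrc=["']([^"']+)["']/gi)].some(m => {
    try { return isBrandHost(new URL(m[1], pageUrl).hostname); } catch { return false; }
  });
  if (hotlinked && !isBrandHost(new URL(pageUrl).hostname)) hits.push('brand-asset-hotlink');
  // 2. A form field asking for the full card number.
  if (/<input\b[^>]*(autocomplete=["']cc-number["']|name=["'][^"']*card[^"']*["'])/i.test(html))
    hits.push('card-number-field');
  // 3. Script-side Luhn check: digit doubling, subtract 9, modulo 10.
  if (/\*=?\s*2\b/.test(scripts) && /-=?\s*9\b/.test(scripts) && /%\s*10\b/.test(scripts))
    hits.push('luhn-routine');
  // 4. Script that writes today's date into the page.
  if (/new Date\(\s*\)/.test(scripts) && /\.(textContent|innerText|innerHTML)\s*=/.test(scripts))
    hits.push('script-inserted-date');
  return hits;
}

// Luhn checks and card fields also occur on real checkouts, so only the combination
// "vendor branding on a foreign host + full card number requested" is escalated.
function verdict(hits) {
  const lure = hits.includes('brand-asset-hotlink') && hits.includes('card-number-field');
  return lure ? 'escalate' : hits.length ? 'review' : 'clean';
}

// Constructed samples (not captured from the campaign).
const LUHN_JS = 'for(;i>=0;i--){d=+n[i];if(alt){d*=2;if(d>9)d-=9}s+=d;alt=!alt}ok=s%10===0;';
const SAMPLE_LURE = `<img src="https://cdn.brand.example/logo.svg">
<span id="txdate"></span><input name="card_number">
<script>document.getElementById('txdate').textContent=new Date().toLocaleDateString();
${LUHN_JS}</script>`;
const SAMPLE_SHOP = `<img src="/static/logo.png"><input autocomplete="cc-number">
<script>${LUHN_JS}</script>`;

console.log(verdict(triagePage('https://refund-portal.example/claim', SAMPLE_LURE)));
console.log(verdict(triagePage('https://shop.example/checkout', SAMPLE_SHOP)));
```

The checks are regex heuristics over static HTML, so script that is obfuscated or loaded from external files needs rendering or deobfuscation first.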
Protecting Against Phishing Threats
To safeguard against such threats, users should be aware that legitimate companies never request full credit card numbers for refunds. If a suspicious charge appears, visit the company’s official site directly rather than clicking links in unsolicited messages. Those who have provided their details should immediately contact their bank to cancel the compromised card and dispute charges.
It is also essential to update passwords for any associated accounts and use detection tools like Scam Guard for suspicious messages. Keeping operating systems and applications up-to-date and running comprehensive security scans can help prevent further risks.
