Cybercriminals Use Fake Avast Site to Steal Credit Card Data in Phishing Scheme

Cybercriminals have launched a sophisticated phishing campaign that impersonates the cybersecurity firm Avast. The scheme is crafted to deceive users into divulging sensitive financial information by presenting a fabricated record of an erroneous charge.

Deceptive Tactics and Psychological Manipulation

The attackers have created a counterfeit website that mirrors the authentic Avast portal with remarkable precision, employing official color schemes and logos to establish credibility. Upon visiting the site, users are confronted with a fictitious transaction record indicating a debit of €499.99. To instill a sense of urgency, the site displays a warning stating that cancellation requests must be filed within 72 hours, while simultaneously claiming that transactions older than 48 hours are irreversible. This deliberate contradiction is often overlooked by panicked users focused on the substantial financial loss.

Technical Mechanisms of Data Harvesting

The fraudulent page employs dynamic scripting to enhance its deceptive capabilities. A specific line of JavaScript reads the local system clock and automatically inserts the current date into the transaction record. This ensures that, regardless of when a user accesses the site, the fraudulent charge appears to have occurred that very morning, heightening the shock value.

Once a victim submits their personal contact details, the site presents a modal dialog explicitly requesting full credit card information, including the number, expiration date, and CVV code. To ensure the utility of the stolen data, the attackers have implemented the Luhn algorithm within the page’s code. This checksum validates the structure of the entered credit card number in real time (it does not confirm that the card exists), so typos and dummy numbers are rejected before submission. Only numbers that pass the check are accepted; they are then bundled into a JSON object and transmitted via a POST request to a backend file named `send.php`.

The site also embeds a live chat widget from Tawk.to, using account identifier 689773de2f0f7c192611b3bf, which lets the operators engage with hesitant victims in real time. This interactive element functions as a “support agent” to nudge them toward completion. Following the data theft, the user is redirected to a confirmation page, a final social engineering tactic intended to remove the very security tools that might alert the victim to the ongoing fraud.
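The traits described in this section can be combined into a static triage check that a defender runs over saved page source. This is an added example, not code from the campaign or from Avast; the rule names, weights, threshold and both sample fragments are constructed assumptions, and only the Tawk.to identifier and `send.php` come from the article.

```python
import re

TAWK_ID = "689773de2f0f7c192611b3bf"  # account identifier quoted in the article

# (rule name, weight, pattern). Names, weights and threshold are assumptions.
RULES = [
    ("tawk_account_ioc", 6, re.compile(r"tawk\.to/" + TAWK_ID, re.I)),
    ("post_to_send_php", 3, re.compile(r"""["'][^"']*\bsend\.php["']""", re.I)),
    ("cvv_field", 2, re.compile(r"""<input[^>]+(?:name|id)=["'][^"']*(?:cvv|cvc)""", re.I)),
    ("luhn_in_page", 2, re.compile(r"luhn|%\s*10\s*={2,3}\s*0", re.I)),
    ("clock_derived_date", 1, re.compile(r"new\s+Date\(\s*\)")),
    ("refund_urgency", 1, re.compile(r"\b(?:72|48)\s*hours\b", re.I)),
]
ALERT_THRESHOLD = 6  # an exact IoC match alone is enough to alert


def triage(html: str) -> dict:
    """Score saved page source against the traits the article describes."""
    matched = [(name, weight) for name, weight, rx in RULES if rx.search(html)]
    score = sum(weight for _, weight in matched)
    hits = [name for name, _ in matched]
    return {"score": score, "hits": hits, "alert": score >= ALERT_THRESHOLD}


# Constructed, non-functional fragment carrying the traits of the fake refund page.
SAMPLE_FAKE = """
<p>Charged today: <span id="d"></span> - cancel within 72 hours</p>
<script>document.getElementById('d').textContent = new Date().toLocaleDateString();</script>
<input name="card_cvv">
<script>function luhnOk(n) { /* checksum */ } /* fetch('send.php', {method: 'POST'}) */</script>
<script src="https://embed.tawk.to/689773de2f0f7c192611b3bf/default"></script>
"""

# Constructed fragment of an ordinary checkout form: it also has a CVC field and
# a Luhn check, which is why the weak traits do not raise an alert on their own.
SAMPLE_SHOP = """
<form action="/checkout" method="post">
<input id="cvc" autocomplete="cc-csc">
<script>const valid = sum % 10 === 0;</script>
</form>
"""

if __name__ == "__main__":
    for label, page in (("fake refund page", SAMPLE_FAKE), ("shop checkout", SAMPLE_SHOP)):
        print(label, triage(page))
```

A CVV field and a Luhn check appear on legitimate payment pages too, so the score depends on the combination with the campaign-specific indicators rather than on either trait alone.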

Broader Implications and Target Audience

This campaign is expertly designed to ensnare a wide spectrum of potential victims. It targets actual Avast customers who might believe they are addressing a billing error, forgotten subscribers assuming an old account has renewed, and alarmed non-customers who immediately fear identity theft upon seeing the charge. Even opportunists looking to claim a refund they are not owed fall prey to the scheme, as the site does not require a login or license key, allowing anyone to proceed directly to the harvesting forms without authentication.

Defensive Measures and Recommendations

To defend against such pervasive threats, users must recognize the warning signs of refund fraud. Legitimate vendors will never ask for a full credit card number and security code to process a refund, as they already possess the necessary transaction data. If you encounter a suspicious charge, navigate directly to the company’s official website rather than clicking links in unsolicited messages.

If you have entered your details, contact your bank immediately to cancel the compromised card and dispute any pending charges. It is also advisable to change the passwords for any accounts associated with the email address provided to the scammers, as this data creates a risk of future account takeovers. If unsure, you can also submit suspicious messages to detection tools like Scam Guard for review.

Finally, always keep your operating system and applications updated, and run a comprehensive scan with reputable security software to ensure no additional malware or remote access tools were introduced during the interaction.