A sophisticated phishing scam has emerged, targeting French-speaking users across Europe by impersonating Avast antivirus software. The fraudulent website cleverly deceives victims into providing their complete credit card details—including card number, expiration date, and CVV code—by fabricating a €499.99 unauthorized charge and enticing users with the promise of a swift refund.
This operation employs a blend of realistic branding and technical sophistication, utilizing dynamic JavaScript to create a sense of urgency and incorporating real-time live chat features to harvest payment information on a large scale. The phishing site closely resembles Avast’s official portal, even loading the genuine Avast logo from the company’s content delivery network, ensuring that the recognizable orange-and-white shield appears authentic.
Navigation links such as “Home,” “My Account,” and “Help” are designed to mimic the actual interface, while a conspicuous orange warning box applies undue pressure by claiming that cancellation requests must be submitted within 72 hours, despite stating that transactions over 48 hours cannot be reversed—a contradiction intended to rush users into action.
At the heart of the scam is a fabricated transaction record displaying a -€499.99 debit dated “today.” The JavaScript functionality pulls the local system date upon page load, making the charge feel immediate and personal, regardless of whether it’s February or August.
The fixed €499.99 amount is strategically chosen—large enough to provoke alarm yet plausible as a subscription renewal. Importantly, no actual Avast account or transaction exists; the operation relies solely on social engineering tactics to induce panic among potential victims.
Phishing Form Captures Data With Technical Precision
The scam’s form begins innocuously, asking users to select refund reasons from a dropdown menu (“Avast refund,” “Fraudulent transaction,” etc.) while also requesting full personal details, including name, email, phone number, address, city, region, and postal code. This information is framed as necessary for identity verification in the refund process.
Upon submission, the form triggers a modal requesting credit card information to “credit back” the payment. To enhance credibility, the page employs the Luhn algorithm—a standard validation check used by banks to verify card numbers—rejecting invalid entries before they can be transmitted.
Once users click “Confirm,” their data is posted as JSON to a backend script, capturing all personal information along with the card number, expiration date, and CVV. Victims are then shown a fake confirmation message stating, “Your application is being processed,” accompanied by a button urging them to “Uninstall Avast”—a final tactic aimed at disabling protective software.
A notable feature of this scam is the bottom-right Tawk.to live chat widget, which allows operators to engage with visitors in real time. This interaction reassures hesitant users and addresses concerns, such as the conflicting 72/48-hour deadline, transforming the site from a passive phishing attempt into a dynamic fraud scheme.
Spotting and Stopping Refund Scams Like This
The Avast clones serve as a stark reminder of the broader refund-phishing trends affecting brands globally. Key red flags to watch for include:
- Dynamic dates that appear to be “today”
- Tight deadlines for action
- Requests for full card re-entry
- Absence of account verification steps
- Suspicious live chat interactions
- Prompts to uninstall legitimate software
- Lookalike domain names
Legitimate companies typically verify identities through official logins and would never request CVV information for refunds. If you find yourself caught in such a scam, it is crucial to act quickly: contact your bank to cancel the card, dispute any unauthorized charges, change linked passwords, and scan your devices for malware.
Proactive measures include keeping software up to date, enabling web protection tools like Malwarebytes, and submitting any suspicious files to services like Malwarebytes Scam Guard. Users are advised to navigate directly to official websites, such as avast.com, and to avoid clicking on unsolicited links.
Avast has issued warnings regarding these scams through official channels, encouraging individuals to report incidents both to the company and to authorities, such as France’s cybercrime unit. This ongoing campaign highlights the evolution of phishing tactics, where technical finesse meets psychological manipulation, underscoring the importance of vigilance to avoid becoming a victim.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google
