👤 LOGICFALCON
🗓️ 25 Feb 2026  

Pretending Protection: Fake Avast Website Cons Millions with Phony Refund Scam

A sophisticated phishing operation is duping users into revealing their credit card data by mimicking one of cybersecurity’s most trusted brands.

It starts with a jolt: a flashing orange alert claims you’ve been billed nearly €500 for antivirus software you never bought. The website looks legitimate - Avast logos, familiar menus, even a live chat box promising help. But behind the scenes, cybercriminals are engineering a psychological trap designed to harvest your most sensitive financial details. Welcome to the latest wave of phishing fraud, where the only thing real is the risk to your wallet.

Fast Facts

  • Fraudsters created a near-perfect clone of Avast’s official website to trick users.
  • The scam targets French-speaking users, displaying a fake €499.99 charge with today’s date.
  • Victims are pressured to submit personal and credit card details through a bogus “refund” form.
  • The site validates card numbers with the Luhn checksum, the same check legitimate payment forms run, to appear credible.
  • Live chat is used to guide and reassure users as they hand over sensitive information.

Inside the Scam: How Phishers Hook Their Victims

The operation begins with a slick imitation of Avast’s homepage. Every detail is engineered for trust: logos lifted from Avast’s own servers, navigation links, and a convincing layout. At its heart, a dynamic warning claims you’ve been charged €499.99 - an amount big enough to alarm, but plausible for a premium subscription. The date updates automatically to match your system, making the threat feel immediate and personal.

Victims are told they have just 72 hours to cancel, but the fine print insists that transactions older than 48 hours are non-refundable - a deliberate contradiction designed to confuse and rush decisions. The site’s true goal: to push you toward a “refund form,” where you’re asked for your name, address, phone number, and email. Submission triggers a pop-up demanding your credit card number, expiration date, and CVV code, supposedly to “process the refund.”

To reinforce the illusion, the site checks your card number using the Luhn algorithm, a standard validation tool used by real banks. The check only catches mistyped numbers; it says nothing about who operates the form. Details entered are relayed instantly to the attackers’ server, with a reassuring message that your request is “being processed.” For extra deception, a live chat widget allows scammers to interact with you in real time, offering step-by-step guidance through the fraudulent process.

Crucially, the scam is broad in scope: it doesn’t matter if you’re an actual Avast customer, a confused user with an old subscription, or someone who’s never used the software. The site never asks for account details or license keys - just your financial data. After the final step, users are even encouraged to “uninstall Avast,” potentially leaving their devices further exposed.
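The warning signs described in this section (brand assets loaded from the vendor's own servers onto another host, card fields behind refund wording, a prompt to uninstall the security product) can be checked mechanically by a mail gateway or web proxy. The Python below is an added example, not code from the article or from Avast; the sample URL, HTML, field names and keyword lists are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_DOMAIN = "avast.com"  # the impersonated brand's real domain
CARD_FIELD = re.compile(r"card|cvv|cvc|expir", re.I)      # assumed field-name hints
REFUND_TEXT = re.compile(r"refund|rembours", re.I)        # English / French wording
UNINSTALL_TEXT = re.compile(r"uninstall|d[ée]sinstall", re.I)

def on_brand(host):  # exact domain or a true subdomain, not a look-alike prefix
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

class PageScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.brand_assets = 0  # resources loaded from the brand's servers
        self.card_fields = 0   # inputs that look like card number / CVV / expiry
        self.text = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get("src") or (a.get("href") if tag == "link" else None)
        if url and on_brand(urlparse(url).hostname or ""):
            self.brand_assets += 1
        hint = f'{a.get("name") or ""} {a.get("autocomplete") or ""}'
        if tag == "input" and CARD_FIELD.search(hint):
            self.card_fields += 1

    def handle_data(self, data):
        self.text.append(data)

def scan(page_url, html):
    page = PageScan()
    page.feed(html)
    text = " ".join(page.text)
    findings = []
    if page.brand_assets and not on_brand(urlparse(page_url).hostname or ""):
        findings.append("brand-assets-on-foreign-host")
    if page.card_fields and REFUND_TEXT.search(text):
        findings.append("card-data-requested-for-refund")
    if UNINSTALL_TEXT.search(text):
        findings.append("urges-security-software-removal")
    return findings

# Constructed sample: hypothetical host, asset path and field names.
SAMPLE_URL = "https://refund-portal.example/fr/"
SAMPLE_HTML = """<img src="https://www.avast.com/logo.svg">
<p>Vous avez été débité de 499,99 €. Demandez votre remboursement.</p>
<form><input name="card_number"><input name="cvv"></form>
<p>Ensuite, désinstallez Avast.</p>"""
```

A single finding is weak evidence (a review blog may hot-link a logo); the combination of all three on one page is what matches the scam described here.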

Staying a Step Ahead

Phishing attacks are growing ever more convincing, but vigilance remains the best defense. Watch for sudden charges, forms requesting full payment details for refunds, and any website urging you to uninstall your security software. If you’ve entered your card information, contact your bank immediately to block unauthorized transactions and secure your account. And above all, remember: real companies will never ask for your full credit card details to process a refund.

WIKICROOK

  • Phishing: Phishing is a cybercrime where attackers send fake messages to trick users into revealing sensitive data or clicking malicious links.
  • Content Delivery Network (CDN): A Content Delivery Network (CDN) is a network of distributed servers that deliver web content quickly to users based on their geographic location.
  • Luhn Algorithm: The Luhn Algorithm is a checksum formula used to validate credit card numbers and detect input errors, ensuring data integrity and reducing fraud risk.
  • POST Request: A POST request is an HTTP method for sending data to a server, commonly used in form submissions and targeted in various cyberattacks.
  • CVV Code: The CVV code is a 3- or 4-digit number on payment cards, used to verify transactions and reduce card-not-present fraud.

LOGICFALCON, Log Intelligence Investigator