Cybercriminals have launched a convincing phishing operation by building a fake Avast website designed to steal credit card information from unsuspecting visitors.
The fraudulent page mimics Avast’s official portal almost perfectly, complete with the genuine Avast logo pulled directly from the company’s content delivery network.
It displays regular navigation links like “Home,” “My Account,” and “Help,” all styled identically to the real site.
At the center of the page, a bright orange notice claims the user has been charged €499.99 for an Avast product.
The page insists users have only 72 hours to cancel, even though it also says transactions older than 48 hours can’t be reversed an intentional inconsistency meant to confuse and pressure victims.
The website specifically targets French-speaking users, exploiting Avast’s trusted brand identity to trick people into revealing sensitive financial details such as card number, expiration date, and CVV.
The date next to the fake charge automatically updates based on the visitor’s system time. This makes it appear as though everyone who visits has been charged “today.”
While the date changes dynamically, the €499.99 figure remains constant a value large enough to cause alarm but still believable for a premium software subscription.
No real payment is ever made. The goal is purely psychological to convince victims that their card was charged and push them into submitting their information to request a refund.
The Data Harvesting Form
Beneath the fake receipt, the page features a “refund form” that asks for full personal information. Users must enter their name, email, phone number, address, and city, supposedly for identity verification.
Upon completion, a pop-up window appears requesting the credit card number, expiry date, and CVV code allegedly needed to “process the refund.”
To appear authentic, the site even checks card digits using the Luhn algorithm, a legitimate banking validation method.
Information is then sent to a send.php script via a POST request, which transmits all entered details directly to the attackers’ server.
After submission, users are shown a message claiming, “Your application is being processed Thank you for your inquiry.” A final deceptive button labeled “Uninstalling Avast” adds one more layer of disguise, urging users to remove real security protection.
Adding to the deception, the fake site hosts a Tawk. to live chat widget bearing the ID 689773de2f0f7c192611b3bf.
This allows the operators to monitor victims in real time and interact through live chat. The fraudsters use this opportunity to reassure hesitant users, guiding them through the fake refund steps.
The phishing scheme is built to capture various victim profiles legitimate Avast customers seeking refunds, confused users with old subscriptions, non-customers alarmed by the fake charge, and opportunists hoping to claim an unearned refund.
Every type of visitor is compromised through the same form, as the site never asks for account details or license keys.
How to Stay Safe
Users can protect themselves by recognizing common red flags:
- Any sudden charge or refund offer claiming to be “today’s date.”
- Forms asking for full credit card details for a refund.
- No login verification or license request.
- Urgent cancellation windows or countdowns.
- Requests to uninstall security software.
Running a system scan using a reputable security product such as Avast, Malwarebytes, or Microsoft Defender is highly recommended.
If victims have already entered card details, they should immediately contact their bank, cancel their card, and dispute unauthorized transactions.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
