A fraudulent phishing website impersonating Avast’s branding is actively targeting French-speaking users, tricking them into surrendering their full credit card information — including card number, expiration date, and CVV — by falsely claiming they’re owed a €499.99 refund.

Fake Charge and Urgent Refund Message

The scam page is designed to look like a legitimate Avast web portal by loading the genuine Avast logo from Avast’s own content network, complete with typical navigation links such as Home, My Account, and Help. A warning message claims that cancellation requests must be submitted within 72 hours but also contradictorily notes that transactions older than 48 hours “can no longer be cancelled.”

Central to the deception is a transaction record that displays the current date (determined by the visitor’s local clock) alongside a fixed -€499.99 charge. This figure is intentionally large enough to alarm victims but not so high as to seem implausible for a yearly subscription. There is no actual transaction or access to any real Avast account — the amount exists purely to prompt users to act.

Personal and Card Data Collection

Below the bogus charge, the form asks visitors to select a reason for the refund (such as Avast refund, Fraudulent transaction, Duplicate transaction, or Other) and fill in detailed personal data: first and last name, email, phone, street address, city, region, and postal code.

After completing the personal details, victims are prompted in a modal dialog titled “Card Information” to enter their credit card number, expiration date, and CVV — supposedly to issue the refund.

To make the scam appear more legitimate, the page even validates card numbers using the Luhn algorithm (the same mathematical check used by banks), rejecting invalid values before allowing them to be sent. Once the victim clicks Confirm, all submitted data is sent to a backend script (send.php) as a JSON object containing their name, address, and full payment information.

Afterward, victims are redirected to a fake “Your application is being processed — Thank you for your inquiry.” confirmation page, which includes a button labelled “Uninstalling Avast” — a further psychological nudge pushing victims to remove security software.

Embedded Live Chat Aid

Unlike many phishing scams, this one embeds a real-time live chat widget from a legitimate support platform (Tawk.to) in the bottom corner. This enables the operators to engage directly with confused visitors and coax them into providing their card details, turning a static scam page into an interactive fraud operation.

Who This Scam Targets

According to the analysis:

• Existing Avast customers who see the familiar branding and think the message is real.
• Forgotten or dormant users who vaguely remember subscribing.
• Non-customers who panic at an unexpected charge and assume their details were stolen.
• Opportunists who believe they can collect money they think they’re owed — only to lose their own.

How to Spot a Scam and What to Do

Warning signs include:

• A charge you don’t recognize that automatically shows today’s date.
• Urgent deadlines and cancellation pressure.
• Requests for full credit card details for a “refund.”
• No login or account verification required.
• Embedded live chat prompting you to continue.
• Instructions to uninstall your security software.

If you’ve entered your details:

• Contact your bank or card issuer immediately to cancel the card.
• Dispute any unauthorized charges.
• Run a full malware and security scan.
• Change passwords for any accounts linked to the email used.