Image: Tada Images/Shutterstock.com
Cybercriminals are becoming increasingly sophisticated. A recent scam shows just how professionally phishing is now organized. As reported by the CHIP portal, fraudsters are currently posing as the well-known security provider Avast—and luring users into a malicious data trap with a supposed debit of €499.99.
The problem: at first glance, the fake website looks deceptively genuine. Logos, colors, and design are almost identical to the original. Many users only realize far too late that they have just disclosed their sensitive payment details.
The shocking €499.99 message: How the trick works
The introduction to the scam is deliberately dramatic. The fake Avast page displays a supposed debit notification for €499.99.
To make the notification appear credible, the fraudsters use an automated script: the current date is inserted dynamically. This makes it look as if the charge has just been made.
The message behind this is clear: to create panic.
People who believe they have just lost several hundred euros often react reflexively—and that is exactly what the perpetrators are counting on. Victims are asked to enter their credit card details in order to check or stop the alleged transaction.
Technically clever: even the credit card check looks real
The scam site is not only visually appealing, but also technically sophisticated.
Credit card numbers entered are first checked automatically using the Luhn algorithm. This procedure is also used in real payment systems to check card numbers for plausibility.
To victims, this appears to be a legitimate security check. In reality, this technique merely ensures that only valid credit card details are forwarded to the perpetrators.
Once the data has been entered, it is transmitted directly to the fraudsters' servers.
In addition, the site simulates a live chat customer service feature to build trust. Even without logging in, users can fill out forms—a trick to lure as many people as possible into the trap.
Fake emails as door openers
Often, the scam does not begin directly on the website, but with a seemingly official email. The company is also aware of the problem, and Avast provides information about known scams on its website.
Fraudsters use various scenarios to do this:
- alleged subscription renewals
- supposed payment confirmations
- Warnings about expiring virus protection
- fake tech support
- dramatic virus warnings
- alleged password issues
Such messages always have the same goal: to get users to click on a link or disclose personal data as quickly as possible.
Typical warning signs include a lack of personal salutations, conspicuous urgency, strange sender addresses, or links with minimally altered domains.
What those affected should do immediately
Anyone who has already entered credit card details on such a site should take immediate action.
Important steps are:
- Notify your bank or credit card provider immediately
- Have your card blocked if necessary
- Change passwords
- Activate two-factor authentication
- Check devices with up-to-date security software
The faster you react, the greater the chances of limiting financial damage.
How to protect yourself from phishing attacks
Phishing thrives on stress, inattention, and uncertainty. By following a few basic rules, you can spot many attacks before they happen.
Helpful protective measures include:
- Update software and operating system regularly
- Use two-factor authentication
- Check links in emails carefully
- Do not open unknown attachments
- Never send sensitive data directly by email.
One simple rule always applies: Reputable companies do not request sensitive data via dubious links or unexpected emails.
Critical commentary
This case shows once again how easy it is to manipulate trust on the internet. A well-known logo, a professional layout, and a little technical know-how are often enough to get people to disclose their data.
What is particularly problematic is that many users believe they are automatically protected by antivirus software. The reality is much more sobering: the biggest security gap is often still sitting in front of the screen.
Unfortunately, as long as basic digital literacy is not more widespread, such fraud models will continue to work—regardless of which company is being misused as a cover.
