New McAfee tech support scam targets users’ personal and credit card information

  • The information collected by scammers includes users’ names, email addresses, card numbers, expiry dates, CVC numbers and more.
  • Users have been advised to monitor their credit reports for any unusual activity.

A new McAfee tech support scam has been discovered targeting users’ personal and credit card information. This browser-based scam tricks users into believing that their McAfee subscription has expired and needs to be renewed.

Modus operandi

Users are sent a warning message on their browsers, which states “Your Mcafee subscription has expired on 18 October 2018”. The message is designed to trick users into renewing the subscription by clicking on the ‘Renew Now’ button displayed on the screen.

Once a user clicks on the button, he/she is redirected to a new page that asks for his/her credit card information. This is followed by another form that asks for additional personal information.

The information collected by scammers includes users’ names, email addresses, card numbers, expiry dates, Card Verification Code (CVC) numbers, home addresses, city, state, zip code and phone numbers.

As soon as the user submits the required data, he/she is taken to a page that connects to https[:]//www.onlineav-shop[.]com/ajax/Default.aspx/SaveCardInfo. The link is used by scammers to exfiltrate and store the information provided by the victim.

Once the user has submitted all the information demanded by the scammers, he/she is redirected to a “thank you” page that contains a toll-free number. The scammers trick users into believing that they must call the specified number to download the active subscription on his devices.

However, the scam call connects the user with a scammer who pretends to be associated with McAfee. The scammer requests the user to allow remote access to his/her computer to install the software. Once connected, the scammer informs the victim that the installation has failed due to an issue with the credit card payment process and that he needs to purchase the software through McAfee’s website. In other words, the scammers have found a devious way by which to gain remote access to victims’ PCs.

Scam site also pushes adware

Apart from stealing information, the same scam site is also used to host and distribute unwanted adware, Thomas Roccia, a security researcher at McAfee Labs found, BleepingComputer reported.

Once installed, the adware creates several randomly named executables on the infected PC. It also redirects the victims to fake blogs, unwanted chrome extensions, adware downloads, and adult sites.

How to stay safe?

Users are advised to review their credit card report to determine whether they may have made any payments to such scams. Users should also monitor their credit report for any unusual activity.

Scammers rely on people’s intrinsic nature to trust content from a trusted brand. It is therefore imperative that users always be wary of any emails or messages sent to them, double checking the email address. It is also advisable to always download software from the official website of the software provider.

Cyware Publisher