Home > Cyber News > McAfee Scam Collects Credit Card Data

McAfee Scam Collects Credit Card Data

The McAfee brand was used in a recently discovered tech support scam that is gathering personal and credit card data from its victims. The tech support scam states “Your McAfee subscription has expired on 18 October 2018“. This page then prompts to renew said subscription as displayed in the image shown above.

Past technical support scams using McAfee’s brand used to just redirect you to the official website of McAfee using an affiliate link. Thus, when you pay for something on the site, it would automatically transfer part of the funds to the scammers.

Related Story: [wplinkpreview url=”https://sensorstechforum.com/hack-unhackable-bitfi-wallet-bug-bounty/”]Hack the Unhackable Bitfi Wallet and Get $100,000, Says John McAfee

However this McAfee tech support scam is a bit more sophisticated than that. After a user clicks on the “Renew Now” button, the action will trigger a small window to show up. The window has fields which require you to fill in your credit card details. Afterward, another fill-in form appears, demanding personal information from you, as seen on the right of this paragraph. All the information which the McAfee tech support scam aims in obtaining is the following:

  • Cardholder Name
  • Email Address
  • Card Number
  • Expiration Date
  • Card Verification Code (CVC)
  • Physical Address
  • State and City
  • Zip/Postal Code
  • Phone Number

After you have finished entering your information and submit it, the page will then connect to a Web address where all of this data is stored. The address is the following:

  • https://www.onlineav-shop.com/ajax/Default.aspx/SaveCardInfo

After completing all of the tasks, the page will then redirect you to a “Thank You” page which contains a rotating telephone number. You are asked to call the provided phone number for assistance in installing your purchased application.

If you dial this phone number, you will be put through to a company who are referring to themselves as a “Premium Technical Support“. Most of them will outright claim that they are partners with McAfee or even pretend to be McAfee depending on the “technician” you are speaking to on that line.

What follows is that you are requested to get remotely connected to your computer system in order to assist you in installing the anti-virus software. However, if connected, the so called “Premium Technical Support” will claim that the credit card data did not go through and that you still need to purchase the software via McAfee’s website. Then, they simply would open up a browser window and connect to one of their affiliate URL links. Malware researchers have said that they have called the number numerous times and every time they got told that a server error was present so the submitted credit card information was not stored as intended. What is more, they got told to use the website of McAfee to purchase the tool.

So, at the heart of the matter, the scammers are earning commissions from these affiliate sales, but also stealing your personal and credit card data, while doing it. That data could easily be used for making more purchases or even lead to worse things, such as identity theft by using your credentials.

If, by any chance, you succumbed to performing any of the aforementioned actions and you did fall victim to this McAfee tech support scam, then it is strongly recommended for you to take the following action:

  • Contact your credit card company
  • Cancel any unknown charges
  • Monitor your credit report for unusual activity

According to security researchers an adware program was being pushed on people’s computers. The adware in question creates executable files with random names and set them to start automatically every time a user logins to the compromised machine.

After being started, the adware will load redirects that promote adult sites, fake blogs, potentially unwanted extensions (mainly for Google Chrome), and downloads for other adware. One of the advertisements shown by this adware was exactly for McAfee, but it just redirects you to the actual, official website through an affiliate link. This advert is shown below:

Other than the advertisement shown in the above picture is only one of many other, similar ones that can show up. You can be redirected many times and land on many, different pages, all pushing similar advertisements. Be wary on what you click on and try not to download anything or give out any information for that matter.

The adware can reliably be detected by most security programs. If you see this scam, any other malware or are suspicious of your system being compromised in some way due to malware, you should perform a scan with a security tool.


Malware Removal Tool

SpyHunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Tsetso Mihailov

Tsetso Mihailov is a tech-geek and loves everything that is tech-related, while observing the latest news surrounding technologies. He has worked in IT before, as a system administrator and a computer repair technician. Dealing with malware since his teens, he is determined to spread word about the latest threats revolving around computer security.

More Posts

Follow Me:

1 Comment
  1. Philip

    Yea i was a victim of this scam, but got lucky, i bought a new workstation and wanted to add it to my anti virus subscription, so i googled McAfee, clicked the phone number, got connected to a person, they told me to type a url address into my web browser, next thing i know, the guy was in control of my mouse and computer, but because it was a blank computer, he couldn’t find any info. I hung up, and did a factory reset on the workstation.


Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree