The McAfee brand was used in a recently discovered tech support scam that is gathering personal and credit card data from its victims. The tech support scam states “Your McAfee subscription has expired on 18 October 2018“. This page then prompts to renew said subscription as displayed in the image shown above.
Past technical support scams using McAfee’s brand used to just redirect you to the official website of McAfee using an affiliate link. Thus, when you pay for something on the site, it would automatically transfer part of the funds to the scammers.
However this McAfee tech support scam is a bit more sophisticated than that. After a user clicks on the “Renew Now” button, the action will trigger a small window to show up. The window has fields which require you to fill in your credit card details. Afterward, another fill-in form appears, demanding personal information from you, as seen on the right of this paragraph. All the information which the McAfee tech support scam aims in obtaining is the following:
- Cardholder Name
- Email Address
- Card Number
- Expiration Date
- Card Verification Code (CVC)
- Physical Address
- State and City
- Zip/Postal Code
- Phone Number
After you have finished entering your information and submit it, the page will then connect to a Web address where all of this data is stored. The address is the following:
After completing all of the tasks, the page will then redirect you to a “Thank You” page which contains a rotating telephone number. You are asked to call the provided phone number for assistance in installing your purchased application.
If you dial this phone number, you will be put through to a company who are referring to themselves as a “Premium Technical Support“. Most of them will outright claim that they are partners with McAfee or even pretend to be McAfee depending on the “technician” you are speaking to on that line.
What follows is that you are requested to get remotely connected to your computer system in order to assist you in installing the anti-virus software. However, if connected, the so called “Premium Technical Support” will claim that the credit card data did not go through and that you still need to purchase the software via McAfee’s website. Then, they simply would open up a browser window and connect to one of their affiliate URL links. Malware researchers have said that they have called the number numerous times and every time they got told that a server error was present so the submitted credit card information was not stored as intended. What is more, they got told to use the website of McAfee to purchase the tool.
So, at the heart of the matter, the scammers are earning commissions from these affiliate sales, but also stealing your personal and credit card data, while doing it. That data could easily be used for making more purchases or even lead to worse things, such as identity theft by using your credentials.
If, by any chance, you succumbed to performing any of the aforementioned actions and you did fall victim to this McAfee tech support scam, then it is strongly recommended for you to take the following action:
- Contact your credit card company
- Cancel any unknown charges
- Monitor your credit report for unusual activity
According to security researchers an adware program was being pushed on people’s computers. The adware in question creates executable files with random names and set them to start automatically every time a user logins to the compromised machine.
After being started, the adware will load redirects that promote adult sites, fake blogs, potentially unwanted extensions (mainly for Google Chrome), and downloads for other adware. One of the advertisements shown by this adware was exactly for McAfee, but it just redirects you to the actual, official website through an affiliate link. This advert is shown below:
Other than the advertisement shown in the above picture is only one of many other, similar ones that can show up. You can be redirected many times and land on many, different pages, all pushing similar advertisements. Be wary on what you click on and try not to download anything or give out any information for that matter.
The adware can reliably be detected by most security programs. If you see this scam, any other malware or are suspicious of your system being compromised in some way due to malware, you should perform a scan with a security tool.
SpyHunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter