[Resolved] New e-mail/phone scam aimed at Avast users.

Below is what I just sent to Avast support. I’m including it here because I’m hoping that anyone who is about to fall prey to this scam and searches the web will find this thread and be warned before they get scammed worse that our friend. I know when I searched for it, I found nothing.

“My son put Avast on a friends computer, after a few months he received an email that he could buy the full version for $29 dollars and an 1-800 number to call. The call was to India, the tech. asked for his computer password and full access to his system on-line. The tech. made some changes and then told him that his system was still showing signs of McAfee and Norton so Avast would not work right. He told them he had someone to work on his computer, the tech. told him that a his repair man would not be able to fix it, but for $169 he would get a life time lic. and they would access his computer when ever needed to keep it current. He has not given them any money yet but they have accessed his computer directly, he also still has all emails and information they gave him. What should we have him do now?”

I will post Avast’s answer when I receive one. I do know that Avast doesn’t have an 1-800 number and their techs don’t ask for your password to access your computer on-line.

I believe that you are correct about Avast not having a 800 number. However,they have two 877 numbers

Phone support

FREE product users call +1 877-877-9362
PAID product users call +1 877-314-5079

English telephone support for installation, configuration, and trouble-shooting is now available for your avast! product. Call toll-free from the: USA, Canada



http://www.avast.com/support

This smells like Iyogi
If it was Iyogi (Avast!'s official support) then you have nothing to worry about.

this sounds a bit like this post:
http://forum.avast.com/index.php?topic=62517.0
though i read the iyogi one, and im not sure why they would need your password, unless u had something like UAC active and had to use a password to confirm it was an administrator.

To me it sounds like a scam for a couple of reasons:

Avast AFAIK does not use 800 prefix numbers
As stated above, the calls to Avast tech support, under the Contact Us section of the website are 877 prefixes, not 800
I hope your friend did NOT accept the money that the tried to solicit for him to fix his computer.

But it raises a question, what does Avast actually do with the e-mail address that it needs for users to complete the registration process?

Jack

Why is such a great company like Avast using such a POS company like Iyogi for their services? This makes absolutely no sense!

Jack

Well, they needed some official line of support. They where unable/unwilling to do this themselves, and the companies user base has seen a big swell, so the needed a more
volume-based support system, especially with more people using paid versions. Thus…offshore support. Something was needed. Whether or not Iyogi is the answer, I can’t say. I really don’t like offshore support, but when every other company is doing it…sadly, sometimes you just have to get in where you fit in.

As much as the forum gets hyped as the best support solution, some people just do not have time for the slow back-and-forth that comes with it, and customers (especially paying ones) expect a very “McDonalds Have-it-Your-Way, Yes-Sir-No-Sir, Would-You-Like-Fries-With-That-Sir” kind of attitude, and they often will not get that here.

im just amazed how people could actually be so naive, and this bad attiude made him being scammed.
he should, undoubtly, format his computer (install a fresh OS) + CHANGE IP IMMIDIATELY.
oh, and next time he needs to think before he gives details which obviously avast company won’t ask!

no matter what, he won’t be safe 100% untill he will install his os from 0 and he will change his ip asap, if he can change his ip while formating, that will be great.
(hackers can track a new windows by using an ip address, and backwards.

What… ???

Until the OP determines if this was indeed Iyogi or not, such a drastic action is beyond silly.

thatwasnotcool

What...... ???

Until the OP determines if this was indeed Iyogi or not, such a drastic action is beyond silly.

thatwasnotcool


give me your os details [ip and clear access] and give me 20 minutes and we will see if what ive said was beyond silly, you either:

  • have a lack of computer experience (a.k.a n00b without disrespect).
  • too naive to understand the real danger.
  • on alcohol.

and im 100% serious (btw im a coder and ik more then you think, and probably more than you).

All of the above and then some. ;D You could dump oceans in the gaps in my knowledge, and have room left over.

None of that changes that you are recommending a reformat to someone without knowing the whole story.

ZOMG!!!

All of the above and then some. ;D You could dump oceans in the gaps in my knowledge, and have room left over.

None of that changes that you are recommending a reformat to someone with out knowing the whole story.


if he gave someone access to his computer, you don’t need to know anything else - this is a basic rule and you just failed badly.
you can never know if your OS is decent or not, it’s probably infected (not sure) and will have registery leftovers which will assist the scammers to reconnect.
i helped many people (in about 5-7 years) on the hardware/software sections, on many forums, i got knowladge and i even know all of the microsoft tasks memorized.
in the moment that someone gained access to your computer, your av and firewall won’t help [my friend used to do that without scamming people aka hacking :), and he was showing that to me (btw he stopped to do that long ago!)
anyway, the solution i gave was only a suggestion, after all, im not the one who got scammed - just tried to help him

The FUD is strong in you. ;D

Iyogi is Avast!'s “legitimate” offshore support company, based in India, and they use remote access. I’m not saying this is or wasn’t them, but I see enough to question any further action till the OP fills in the blanks. JMH>nOOb<O

It will be interesting to see what new information comes out of this. I have been studying all the comments in this thread. All sides are making some good points.

Jack

Ok folks, here is the first update.

First, no answer from Avast.

Second, it turns out after looking at the e-mails, links, software and browser history that he bought the special priced upgrade from Avast themselves (3 Computers, 1 year for $29.99).

Third, the trouble really began when he got the receipt for that amount from ELEMENT5.

He searched the net and found all kinds of posts about people receiving charges from ELEMENT5 on their credit cards for things they didn’t know anything about. So he panicked and called the number (he said an 800 number) and the rest of the story is the same as above. I have yet to get what number he called so I can see just who it was that accessed his computer. That said the patient is alive and well, we have put on a fresh copy of Avast 6 Free because he is disputing the charge. If after we explain to him what happened, he approves the charge we will activate the paid version. The system was scanned with several utilities and Avast itself and no malware was found, so the Avast tech. support idea may be on track, but with have to wait for the number he called. The registry was a little messed up but nothing we have not been able to straighten out and we have no evidence that is was caused by who ever was remotely connected.

Fourth, now for those you that don’t know who or what ELEMENT5 is (and the way it looks on the net that must be a lot of you) it is the “checkout/billing” division of Digital River and their partners. Digital River handles software download purchases for the the likes of Microsoft, Avast, Broderbund, etc. So I find it really odd that so many people don’t know what ELEMENT5 is, as they are all running around because it is tied to so many servers, etc. Well each Digital River partner has their own store front and of course their own ELEMENT5 accounts, so it would not surprise me that they have a lot of servers. Now that doesn’t mean that some of the smaller partners might not being following the code of conduct to the letter. But if that is the case, you can report them to ELEMENT5 and have them suspended.

So, when I get more information I will post again.

Ok, thank you for the update.

ELEMENT5 is used by many software companies and is a legitimate billing company, but do keep us informed.

Right you are, ELEMENT5 is an e-commerce service offered by Digital River since 1998. Digital River is a US e-commerce outsourcing company which has been in business since 1994. They also acquired SWREG, another online payment processing company, in 2005.

I have seen all this at the bottom of Avast’s software checkout page, but it is in small print at the bottom of the page and you have to scroll down to see it. Most people have never learned to read the whole web page before clicking on “Accept”.

I agree with you…that’s why I read the small print. ;D

To answer your questions in your prior posts:

You may want to contact Avast http://www.avast.com/contact-form.php?loadStyles and use the drop down menu.

You may want to contact or log into your phone company to see what phone # was called on that date. Often you can do a reverse phone look up online as well.

For your concerns re: 3 and 4, I think we addressed this already. Please let us know if you have other concerns and how we can help you. Thank you.