Author Topic: Fake avast email or very poor avast email?  (Read 3845 times)

0 Members and 1 Guest are viewing this topic.

Offline Simon_uk

  • Newbie
  • *
  • Posts: 2
Fake avast email or very poor avast email?
« on: April 28, 2015, 10:58:27 AM »
Had an email from 'Avast' telling us our Avast Pro Antivirus Subscription will be automatically renewed before the expiration date.  There is a link to follow to access my account on there; https://avast-uk.nexway.com/  along with a password in clear text!!!

I went direct to the Avast website not the above one (nexway.com) as you should NEVER follow links in an email for logging in to accounts, and logged in to my account with my password (which isn't the one shown in clear text on the email might I add).  Nowhere in my account (my.avast.com) can i find ANYTHING about auto renewals or payments.

Is the above email a scam, or does Avast promote insecure practics and insist I follow a link to a website I don't know, using a password I don't know, sent in an insecure email in plain text??!
I'm stuck, with Avast apparently having a Scheduled Transaction date 2 weeks (not 'a few days' as per the email contents) before the expiry date, and not being able to verify anything on the proper login due to renewals/payments information not existing!   Do I need to claim a chargeback from our credit card provider after payment is taken? as I an not verify the legitimacy of the email and also am unable to find any page relating to renewal or payment once logged in to my account.


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31335
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Fake avast email or very poor avast email?
« Reply #1 on: April 28, 2015, 03:09:40 PM »
It is a fully legal email from Nexway.
You do know Nexway, because you purchased the license for avast through them.

Automatic renewal is something you agreed with while purchasing the license.
You can disable/enable it in your order details:
https://store.avast.com/DRHM/store?Action=DisplayCustomerServiceOrderSearchPage&SiteID=avast

Offline lukas.hasik

  • Avast team
  • Advanced Poster
  • *
  • Posts: 905
  • Product manager of Mac AV and Cleanup
Re: Fake avast email or very poor avast email?
« Reply #2 on: April 28, 2015, 03:18:12 PM »
Had an email from 'Avast' telling us our Avast Pro Antivirus Subscription will be automatically renewed before the expiration date.  There is a link to follow to access my account on there; https://avast-uk.nexway.com/  along with a password in clear text!!!

I went direct to the Avast website not the above one (nexway.com) as you should NEVER follow links in an email for logging in to accounts, and logged in to my account with my password (which isn't the one shown in clear text on the email might I add).  Nowhere in my account (my.avast.com) can i find ANYTHING about auto renewals or payments.

Is the above email a scam, or does Avast promote insecure practics and insist I follow a link to a website I don't know, using a password I don't know, sent in an insecure email in plain text??!
I'm stuck, with Avast apparently having a Scheduled Transaction date 2 weeks (not 'a few days' as per the email contents) before the expiry date, and not being able to verify anything on the proper login due to renewals/payments information not existing!   Do I need to claim a chargeback from our credit card provider after payment is taken? as I an not verify the legitimacy of the email and also am unable to find any page relating to renewal or payment once logged in to my account.

Hi Simon,

sorry for a confusion! We should be able to do it better. I hope that we will improve it soon. Let me explain...

1) it's not a scam. Avast is using Nexway and Digital River to process the payments - https://www.avast.com/en-us/faq.php?article=AVKB24#artTitle
2) if there was NO password in the email then it's a bug (let me check it)
3) the auto-renewal information (and options) should appear at the my.avast website (soon)
4) to disable AutoRenewal from Nexway - please follow steps at https://www.avast.com/en-us/faq.php?article=AVKB136  (for Digital River - https://www.avast.com/en-us/FAQ/AVKB126)

thank you for pointing it out. We are working on improving the user experience!
Quality is also a feature.

Offline Simon_uk

  • Newbie
  • *
  • Posts: 2
Re: Fake avast email or very poor avast email?
« Reply #3 on: April 28, 2015, 03:52:33 PM »
EDDY:
I am in Purchasing so I don't remember every gateway/processor for every product I purchase, and 'Nexway' is not one I come across daily, so no way I'd remember that after a year.
I'm not disputing agreeing to the Automatic renewal, I was disputing the ability to review this using the known SECURE method of going to the service provders own website (avast.com), logging in to my account and managing my account.

LUKAS:
Thank you for answering my question, much appreciated.
There being no information in any way shape or form re renewal information only added to my suspicion.  A simple link for renewals to the address given on the email would have comfirmed the email was legitimate.
Forcing customers to only be able to blindly click on a link, and blindly assume it's not a phishing scam goes against all security advice.
NB: There WAS a password in the email and that was the problem, security basics: never send passwords in plain text in emails.
Thank you Lukas.

Offline lukas.hasik

  • Avast team
  • Advanced Poster
  • *
  • Posts: 905
  • Product manager of Mac AV and Cleanup
Re: Fake avast email or very poor avast email?
« Reply #4 on: April 28, 2015, 05:18:10 PM »
EDDY:
I am in Purchasing so I don't remember every gateway/processor for every product I purchase, and 'Nexway' is not one I come across daily, so no way I'd remember that after a year.
I'm not disputing agreeing to the Automatic renewal, I was disputing the ability to review this using the known SECURE method of going to the service provders own website (avast.com), logging in to my account and managing my account.

LUKAS:
Thank you for answering my question, much appreciated.
There being no information in any way shape or form re renewal information only added to my suspicion.  A simple link for renewals to the address given on the email would have comfirmed the email was legitimate.
Forcing customers to only be able to blindly click on a link, and blindly assume it's not a phishing scam goes against all security advice.
NB: There WAS a password in the email and that was the problem, security basics: never send passwords in plain text in emails.
Thank you Lukas.

Ooops, I missed that "plain password" part. Yes, you are right, it's not good practice.
Fortunately, you are able to "only" cancel autorenewal or download the license with this password.
Quality is also a feature.