David - that means a member of the avast team asks not only for a URL to check it, but asks also for login information to a bank site? Never ...
You may say the user was careless, but such a question should never be asked from serious people.
Or do I misundestand something?