Author Topic: We're getting more transparent about your data [PHISHING attack?]  (Read 7042 times)

0 Members and 1 Guest are viewing this topic.

Offline complex

  • Newbie
  • *
  • Posts: 3
Here's the text of an email - with the subject line "We're getting more transparent about your data" - that appeared in my Inbox approx. 13 hours ago:-

Quote
We’re making some changes   
 
We noticed you haven’t logged into your account in a while.

We just updated our privacy policy to make it more transparent and comply with new EU General Data Protection Regulations (GDPR), so If you want to keep your account active, you need to click the button below. If you don’t log in within 14 days, we’ll be forced to shut down your account.

If you keep your account active, we will also send you the latest online security news and product updates   
 
KEEP MY AVAST ACCOUNT [web button]
 
Thanks for your time,
The Avast Team

It looks quite legitimate to me except for one thing - it was sent to an email address that I don't believe Avast has. Thoughts?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85965
  • No support PMs thanks
Re: We're getting more transparent about your data [PHISHING attack?]
« Reply #1 on: August 08, 2018, 09:35:45 AM »
I have yet to receive this but it seems strange that this comment was made.

"If you don’t log in within 14 days, we’ll be forced to shut down your account."

I have received lots of these EU General Data Protection Regulations (GDPR) as everyone who does business within the EU has to comply with them.  I don't believe it is necessary for you to actually keep something active other than to acknowledge receipt and acceptance, etc.

This EU General Data Protection Regulations (GDPR) is certainly an opportunity for Phishermen to step out.

However, the simple content of the email doesn't give enough information, that can come from the email headers and would need to be analysed to determine who it actually came from.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline complex

  • Newbie
  • *
  • Posts: 3
Re: We're getting more transparent about your data [PHISHING attack?]
« Reply #2 on: August 09, 2018, 08:10:17 AM »
Thanks for your reply DavidR. Helpful and appreciated.

I considered posting the relevant email headers, but perhaps this is unwise on such an open forum (?)

Naturally I won't be acting on the email. Will keep the forum posted if anything futher happens.

Best wishes

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85965
  • No support PMs thanks
Re: We're getting more transparent about your data [PHISHING attack?]
« Reply #3 on: August 09, 2018, 10:17:40 AM »
You're welcome.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline carlosbafi

  • Newbie
  • *
  • Posts: 1
Re: We're getting more transparent about your data [PHISHING attack?]
« Reply #4 on: August 15, 2018, 01:05:12 AM »
Hello Complex and DavidR

I also received the same email as Complex and I was struck by the phrase "If you do not do it within 14 days, we will be forced to close your account".

I clarify that I am in Argentina

I do not trust this email, so, like Complex, I will not do anything and wait for Avast to have news or communications.

I thank both of you for the publication of the topic and its treatment.

Friendly greetings for both

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85965
  • No support PMs thanks
Re: We're getting more transparent about your data [PHISHING attack?]
« Reply #5 on: August 15, 2018, 02:01:31 AM »
No problem and welcome to the Avast forum.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline gerri716

  • Newbie
  • *
  • Posts: 1
Re: We're getting more transparent about your data [PHISHING attack?]
« Reply #6 on: August 19, 2018, 05:18:51 PM »
This is my first visit to the forum and I also came here to find out if this email is real or not.  The part about shutting down my account made me really suspicious.  Thanks for any input.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85965
  • No support PMs thanks
Re: We're getting more transparent about your data [PHISHING attack?]
« Reply #7 on: August 19, 2018, 05:31:05 PM »
You're welcome.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Maruquel

  • Newbie
  • *
  • Posts: 1
Re: We're getting more transparent about your data [PHISHING attack?]
« Reply #8 on: August 19, 2018, 07:44:59 PM »
Lo acabo de recibir, estoy en Panamá y al igual estoy muy sospechosa.

Offline stu8

  • Newbie
  • *
  • Posts: 1
Re: We're getting more transparent about your data [PHISHING attack?]
« Reply #9 on: August 20, 2018, 02:01:16 PM »
I too have received the same email and am very suspicious.
I logged into my account via my browser and checked the privacy policy.
I would have thought that there would have been an "Accept" button to click to accept the changes if there was a need to do so.
I have tried the support section but no mention of this.
Be interesting to see how it pans out.

Offline MartinZ

  • Moderator
  • Advanced Poster
  • *
  • Posts: 1069
  • Product Manager
Re: We're getting more transparent about your data [PHISHING attack?]
« Reply #10 on: August 20, 2018, 05:51:59 PM »
The email is legitimate. It's being sent to email addresses that aren't active on Avast account and we want to be sure before deletion that user doesn't want to keep the account. If user clicks on the button in email or logs in into Avast account we take them as active and won't delete the Avast Account.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85965
  • No support PMs thanks
Re: We're getting more transparent about your data [PHISHING attack?]
« Reply #11 on: August 20, 2018, 06:24:00 PM »
The email is legitimate. It's being sent to email addresses that aren't active on Avast account and we want to be sure before deletion that user doesn't want to keep the account. If user clicks on the button in email or logs in into Avast account we take them as active and won't delete the Avast Account.

I have to say it is poorly worded (or example) as I don't believe the EU General Data Protection Regulations (GPRD) information should be combined with anything else, like logging on, etc. 

That just looks like a phishing exercise, as there should be no requirement to have to do anything else to comply on the part of the user.

I have had many emails about GPRD and all they have done is let the person know that they comply with the GPRD rules.

Also the "If you keep your account active, we will also send you the latest online security news and product updates" is essentially authorisation to spam.  Again I don't feel this should be a part of any GPRD compliance notification.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline MartinZ

  • Moderator
  • Advanced Poster
  • *
  • Posts: 1069
  • Product Manager
Re: We're getting more transparent about your data [PHISHING attack?]
« Reply #12 on: August 21, 2018, 12:26:26 PM »
Yeah I agree that the wording isn't good and shouldn't be related to GDPR. We should have done this cleanup even before GDPR. The email should be just friendly reminder if you still need the account. Other option would be that we delete the account automatically, but that's not really user friendly.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85965
  • No support PMs thanks
Re: We're getting more transparent about your data [PHISHING attack?]
« Reply #13 on: August 21, 2018, 12:44:26 PM »
Yeah I agree that the wording isn't good and shouldn't be related to GDPR.

We should have done this cleanup even before GDPR. The email should be just friendly reminder if you still need the account.

Other option would be that we delete the account automatically, but that's not really user friendly.

Agreed, the cleanup could/should have been done at a different time.

I'm not sure auto deletion is a good idea, regardless of it not being very user friendly.  The user may no longer be active (for an indeterminate period) but if they have made a contribution to the forums what happens to their posts.  Not only that people change AVs and could well come back to Avast and the forum only to find their account deleted.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security