Searching for tech support on Google can lead to a dangerous trap: even if you click on the link to the official website, the phone number on the page may be fake. The official websites of major IT companies have been targeted.
Searching for tech support on Google can lead to a dangerous trap: even if you click on the link to the official website, the phone number on the page may be fake. The official websites of major IT companies have been targeted.
According to Malwarebytes, scammers have learned to embed fake support numbers into perfectly legitimate web pages by using parameters in Google ad links. When a user searches for, for example, Apple or Netflix support numbers, they may come across an ad that leads to the real site, but with the number replaced in the search bar or page content.
The mechanics are simple but dangerous: instead of creating fake websites, attackers insert a fake number simply through URL parameters. The link leads to the official domain, which reduces the user’s vigilance, but the fraudulent number is already «stitched» into the page.
Among the companies whose websites were attacked in this way are: Apple, Microsoft, Netflix, Facebook, Bank of America, PayPal, HP. The most difficult thing to notice is the substitution on the Apple website, researchers warn.
Malwarebytes recommends looking for the following signs:
To avoid this attack, the company recommends using the Browser Guard extension, which can detect and block «intercepted» search queries. It also advises never to trust phone numbers in advertisements and to check contact information directly on company websites, without going through Google Ads.
This is not the first time that Google’s advertising mechanisms have been used for fraudulent purposes. Previously, attackers created full-fledged fake sites, but now they are shifting their focus to replacing content on legitimate resources. In terms of digital hygiene, this is a new level of threat that requires greater vigilance even on seemingly safe sites.
Previously, we wrote about how a Ukrainian Software QA Engineer published a list of reliable services for verification and gave basic advice on digital security.
