Backside line: A latest warning from Malwarebytes explains that customers looking for tech assist cellphone numbers can encounter faux contact info, even when visiting the official web sites of main manufacturers. Customers ought to fastidiously look at textual content showing in assist web site search bars and method sponsored Google search outcomes with warning, if in any respect.
Many individuals possible perceive that they need to confirm URLs when visiting websites for banks, tech firms, and different crucial companies to keep away from fraudulent hyperlinks. Whereas steering away from hyperlinks in suspicious emails is a well known safety precaution, hackers additionally regularly buy sponsored Google adverts that result in faux web sites designed to steal private info.
Nonetheless, the most recent rip-off is even sneakier. As an alternative of making faux web sites, scammers inject false tech assist numbers into reliable websites by modifying parameters in sponsored search hyperlinks. Search engines like google do not show the added textual content within the URLs, and official assist pages do not block it, making the rip-off seem extra convincing.
The scheme begins when customers search Google for tech assist numbers for main manufacturers. Clicking on a high sponsored end result results in an precise assist web page, however the scammer’s cellphone quantity seems within the web site’s search bar.
Unsuspecting customers who name the quantity, considering they’ve reached the corporate’s name heart, are as an alternative linked to scammers trying to steal account credentials or banking info. Malwarebytes studies that attackers have focused assist pages for Netflix, PayPal, Apple, Microsoft, Fb, Financial institution of America, and HP. These hijacked search outcomes are hardest to identify on Apple’s web site.
Malwarebytes says its Browser Guard extension can detect this tactic as a search hijack and warn customers. Different crimson flags embrace cellphone numbers showing on the finish of reliable URLs, extreme use of alarming language, encoded characters like “%20,” and search pages displaying outcomes earlier than customers enter a question.
To remain protected, customers ought to search for assist numbers in beforehand verified communications, akin to previous emails or direct messages from the corporate, and evaluate them with present search outcomes. If a assist consultant asks for private or banking info unrelated to the difficulty, cling up instantly.
Manually navigating to an organization’s web site and accessing the assist part (with out counting on engines like google) may also assist keep away from hijacked sponsored hyperlinks. Verified hyperlinks can typically be present in trusted communications or on the corporate’s official social media profiles and Wikipedia web page.
