A new wave of tech support scams has been uncovered, targeting users by manipulating legitimate websites of major companies, including Bank of America, Microsoft, Netflix, and others, to display fake customer service numbers.
According to a report from cybersecurity firm Malwarebytes, attackers are exploiting a tactic known as search parameter injection to make scam phone numbers appear on genuine company pages.
The scammers are purchasing Google ads that direct users to real support or help center pages of companies such as Apple, HP, Facebook, and PayPal. But instead of luring victims to fake or phishing websites, the links cleverly manipulate search parameters on the official pages.
While the browser shows the real website address, the search results are poisoned to display the scammer’s number, making users believe that it is the real support line.
Once a victim calls the number, scammers pose as official representatives and attempt to extract personal information, financial credentials, or gain remote access to the user’s computer. In cases involving financial institutions like Bank of America or PayPal, the end goal is to drain the victim's account.
Malwarebytes noted that while some scams are more obviously suspicious while others, particularly those involving Apple and Netflix, are harder for users to identify as fake due to the seamless integration of the scam number into the page.