Current Cyber Threats

Scammers Spread False Support Info Using Legitimate Websites

Summary:
Cybercriminals are hijacking search engine results by creating fake sponsored ads that impersonate customer support pages for major brands like Apple, Microsoft, Facebook, HP, Netflix, PayPal, and Bank of America. These scams exploit users’ trust in familiar brand names and begin when a victim searches for help using a search engine like Google. The scammers pay for a sponsored ad that appears at the top of the search results, mimicking the legitimate brand's tech support page. When users click the ad, they are redirected to what appears to be the brand’s official website, complete with a proper URL and familiar branding, but with one critical difference: instead of displaying the actual support number, the website has been manipulated to show a fake phone number controlled by the attackers.

According to Malwarebytes researchers Pieter Arntz and Jérôme Segura, this is achieved through a technique called “search parameter injection.” The attackers craft a malicious URL that abuses the brand’s search or help functionality to inject false information — in this case, a fake support number — directly into the page. The browser still shows the genuine domain, which helps the scam bypass user suspicion and browser security checks. Once the victim calls the fake number, the scammers impersonate tech support representatives, often claiming the user’s account or device has been compromised. They may pressure the victim into disclosing personal or financial information, or instruct them to install remote access software, allowing the attacker to take control of the device and potentially steal sensitive data or plant malware.


Security Officer Comments:
These attacks are particularly dangerous because they blend social engineering with technical manipulation, using legitimate infrastructure to distribute false information. The researchers emphasize the importance of vigilance, advising users to scrutinize URLs for suspicious parameters like unexpected phone numbers or urgency-driven phrases such as “call now” or “emergency support.” They also recommend verifying phone numbers through trusted channels such as official emails, the company’s verified social media pages, or the contact details printed on statements or packaging. If there’s any doubt, users should cross-check the number with the brand’s official website by navigating there directly rather than relying on search results.
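
The URL check described above can be automated for proxy logs or a link-review step. The following is an added example, not code from Malwarebytes or the original advisory; the host support.example.com, the 555-01xx number, the sample URLs and the function names are constructed for illustration, and the phone pattern is a heuristic assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Heuristic (assumption): 10 to 15 digits, optionally separated by
# spaces, dots, dashes or parentheses, with an optional leading '+'.
PHONE_RE = re.compile(r"(?<!\d)\+?\d(?:[\s().-]*\d){9,14}(?!\d)")
# Urgency phrases named in the advisory.
URGENCY_PHRASES = ("call now", "emergency support")

# Constructed samples: fictitious host and reserved 555-01xx number.
SAMPLE_SUSPICIOUS = ("https://support.example.com/search"
                     "?q=Call+Now+1-800-555-0199+emergency+support")
SAMPLE_BENIGN = "https://support.example.com/search?q=reset+password&page=2"

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %2520) up to a fixed depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_url(url):
    """Return (location, reason, value) findings for one URL."""
    parts = urlsplit(url)
    # parse_qsl percent-decodes once and turns '+' into a space.
    fields = [(f"query:{k}", fully_decode(v))
              for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    fields.append(("fragment", fully_decode(parts.fragment)))
    findings = []
    for location, value in fields:
        match = PHONE_RE.search(value)
        if match:
            findings.append((location, "phone-like number", match.group(0)))
        lowered = value.lower()
        for phrase in URGENCY_PHRASES:
            if phrase in lowered:
                findings.append((location, "urgency phrase", phrase))
    return findings

if __name__ == "__main__":
    for url in (SAMPLE_SUSPICIOUS, SAMPLE_BENIGN):
        print(url, inspect_url(url))
```

Long numeric identifiers or timestamps in a parameter also match the phone pattern, so findings are triage signals to review rather than verdicts.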


Suggested Corrections:
To mitigate the risk of falling victim to these scams, users should avoid clicking on sponsored search results when seeking technical support and instead navigate directly to the company’s official website. Employing browser extensions or antivirus solutions that flag malicious or suspicious redirects can provide additional layers of protection. Organizations should also monitor for misuse of their branding in paid search results and report fraudulent listings promptly. Education remains critical: businesses and individuals should be made aware that even seemingly legitimate websites can be manipulated to display false contact information. When in doubt, users should never share sensitive data or allow remote access unless they are certain they are communicating with an official representative.

Link(s):
https://www.darkreading.com/cloud-security/scammers-spread-false-support-info-legitimate-websites
https://www.malwarebytes.com/blog/n...icrosoft-and-more-to-insert-fake-phone-number