Cybercriminals Compromise Websites of Major Corporations, Including Bank of America, Netflix, and Microsoft, to Implant Fraudulent Contact Information

Cybercriminals frequently exploit fake search engine listings to manipulate consumer trust in well-known brands for fraudulent purposes. This trend typically initiates with a sponsored search result on Google.

Recent findings revealed tech support scammers targeting individuals seeking 24/7 assistance from reputable companies such as Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal.

Here’s how these scams operate: cybercriminals invest in sponsored ads on Google, masquerading as established brands. Often, these ads redirect users to counterfeit websites. However, in the instances uncovered, visitors are led to the legitimate site, albeit with one critical alteration.

Users are directed to the help/support section of the brand’s website but are presented with a fraudulent phone number instead of the authentic one.

The address bar displays the legitimate site, which creates an illusion of safety. Nevertheless, the information presented to the visitor is misleading, as the search results have been manipulated to prominently feature the scammers’ number, disguised as an official search result.

Upon contacting this number, the fraudsters impersonate the brand with the intention of extracting personal information, banking details, or even securing remote access to the victim’s computer. In cases involving Bank of America or PayPal, the scammers aim to gain access to financial accounts to facilitate monetary theft.

A more technically accurate term for this type of deception is a search parameter injection attack, where the scammer crafts a malicious URL incorporating their fraudulent phone number into the legitimate site’s search functionality.

For instance, in the case of Netflix:

These tactics prove highly effective due to several factors:

• The authentic Netflix URL appears in the address bar.
• The page layout appears legitimate, leveraging the real Netflix site.
• The fake number is presented as a search result, giving it an official semblance.

This manipulation occurs because Netflix’s search functionality indiscriminately reflects whatever users input into the query parameter without appropriate sanitization or validation, creating a reflected input vulnerability that scammers exploit.

Fortunately, Malwarebytes Browser Guard identifies these threats, issuing a warning for “Search Hijacking Detected,” indicating that unauthorized modifications were made to search results, complete with an overlaid phone number.

However, Netflix is merely one illustration. As previously mentioned, additional brands such as PayPal, Apple, Microsoft, Facebook, Bank of America, and HP are similarly targeted by scammers.

The example involving HP highlights suspicious indicators, presenting a clear prompt that reads “4 Results for” before the scammers’ text. Yet, even on a legitimate platform, expectations of encountering a genuine number remain.

Interestingly, the scam targeting Apple displayed the scammers’ number in a manner that was particularly deceptive.

In this instance, the web page suggests to visitors that no results were found for their search, prompting them to call the displayed number, effectively steering them directly into the clutches of the fraudsters.

To safeguard against tech support scams, it’s crucial to remain vigilant. Malwarebytes Browser Guard serves as an effective protective measure against such scams, and it is free to use.

Additionally, watch for these warning signs:

• A phone number embedded in the URL.
• Suspicious terms like “Call Now” or “Emergency Support” in the browser’s address bar.
• Excessive encoded characters like %20 (for spaces) and %2B (for plus signs) in conjunction with phone numbers.
• The display of a search result prior to your inquiry.
• The use of urgent language (e.g., Call Now, Account Suspended, Emergency Support) on the website.
• In-browser alerts regarding known scams (do not disregard these warnings).

Before contacting any brand’s support number, verify the official number through prior communications or the company’s website and compare it with the number retrieved from the search results. If discrepancies arise, conduct further investigation to confirm the legitimate contact.

Should you be prompted for personal information or banking details unrelated to your inquiry during a call, terminate the conversation immediately.

Cybersecurity threats must not extend beyond mere reports. Ensure your devices remain secure by employing reliable protective software.