Backside line: A latest warning from Malwarebytes explains that customers trying to find tech assist telephone numbers can encounter faux contact data, even when visiting the official web sites of main manufacturers. Customers ought to rigorously look at textual content showing in assist web site search bars and strategy sponsored Google search outcomes with warning, if in any respect.
Many individuals possible perceive that they need to confirm URLs when visiting websites for banks, tech corporations, and different important providers to keep away from fraudulent hyperlinks. Whereas steering away from hyperlinks in suspicious emails is a widely known safety precaution, hackers additionally continuously buy sponsored Google adverts that result in faux web sites designed to steal private data.
Nonetheless, the most recent rip-off is even sneakier. As a substitute of making faux web sites, scammers inject false tech assist numbers into reliable websites by modifying parameters in sponsored search hyperlinks. Search engines like google do not show the added textual content within the URLs, and official assist pages do not block it, making the rip-off seem extra convincing.
The scheme begins when customers search Google for tech assist numbers for main manufacturers. Clicking on a prime sponsored consequence results in an precise assist web page, however the scammer’s telephone quantity seems within the web site’s search bar.
Unsuspecting customers who name the quantity, pondering they’ve reached the corporate’s name heart, are as an alternative related to scammers trying to steal account credentials or banking data. Malwarebytes experiences that attackers have focused assist pages for Netflix, PayPal, Apple, Microsoft, Fb, Financial institution of America, and HP. These hijacked search outcomes are hardest to identify on Apple’s web site.
Malwarebytes says its Browser Guard extension can detect this tactic as a search hijack and warn customers. Different crimson flags embrace telephone numbers showing on the finish of reliable URLs, extreme use of alarming language, encoded characters like “%20,” and search pages displaying outcomes earlier than customers enter a question.
To remain secure, customers ought to lookup assist numbers in beforehand verified communications, resembling previous emails or direct messages from the corporate, and examine them with present search outcomes. If a assist consultant asks for private or banking data unrelated to the problem, cling up instantly.
Manually navigating to an organization’s web site and accessing the assist part (with out counting on engines like google) also can assist keep away from hijacked sponsored hyperlinks. Verified hyperlinks can typically be present in trusted communications or on the corporate’s official social media profiles and Wikipedia web page.
