Cybercriminals are constantly evolving their tactics, and a recent scam has emerged that can trick even cautious users. Security company Malwarebytes has uncovered a method where scammers inject fake phone numbers into well-known websites. These include major sites like Apple, PayPal, Microsoft, Netflix, and others—right within the address bar. This sneaky trick can make malicious numbers appear as if they’re part of the real site, luring unsuspecting users into calling scammers’ fake support lines.
How Does the Scam Work?
The scammers are leveraging Google ads to position their malicious links at the top of search results for popular brands. When you click on these ads, they lead to the official websites (like microsoft.com or apple.com) but with added URL parameters that are not visible in the address bar.
These parameters, hidden from view, inject fake phone numbers into the webpage you see. So, even if you’re careful and check the URL, the fake number appears seamlessly integrated into the page, making it look legitimate. If you call that number, you might connect with scammers pretending to be official representatives, aiming to steal your personal information or money.
Why Is This Dangerous?
Many people rely on verifying the address bar to confirm they’re on a legitimate site. Unfortunately, this scam exploits how websites process URL parameters, which can be manipulated without alerting the user. Vulnerable individuals—such as those with visual impairments, cognitive challenges, or simply in a hurry—may not notice the fake number, increasing the risk of falling for the scam.
Once connected, scammers may attempt to:
- Trick you into revealing login credentials
- Steal payment information
- Gain remote access to your devices
Protecting Yourself
- Be cautious when clicking on Google ads for brand searches. Instead, navigate directly to the official website.
- Double-check URLs: Look carefully at the address bar for any unusual parameters or discrepancies.
- Be cautious with phone numbers on websites: If a number looks suspicious or out of place, verify it through official channels.
- Use security tools: System and browser security features or security software can help alert you to suspicious activity. Examples include built-in tools like Windows Defender, your browser’s security options, and extensions such as Malwarebytes’ Browser Guard.
- Stay informed: Awareness is your first line of defense against evolving scams.
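The "Double-check URLs" advice can also be automated, for example over proxy or browser-history logs. The following is an added example, not code from Malwarebytes or the original article: it decodes each query parameter and flags values containing a phone-like number. The function names, the lure word list and the sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# 10-15 digits, optionally prefixed with "+" and split by spaces, dots, dashes or parentheses.
PHONE_RE = re.compile(r"(?<!\d)(?:\+?\d[\s().-]*){10,15}(?!\d)")
# Constructed word list: wording that typically accompanies a fake support number.
LURE_RE = re.compile(r"\b(call|support|helpline|help\s?desk|toll[\s-]?free)\b", re.I)


def fully_decode(value, max_rounds=3):
    """Percent-decode until stable, so double-encoded values are still inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(url):
    """Return (parameter, digits, has_lure_wording) for each query parameter
    whose decoded value contains a phone-like number."""
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = fully_decode(value)  # parse_qsl has already decoded one layer
        if value.strip().isdigit():
            continue  # bare numeric IDs and timestamps are not display text
        match = PHONE_RE.search(value)
        if match:
            digits = re.sub(r"\D", "", match.group())
            findings.append((name, digits, bool(LURE_RE.search(value))))
    return findings


if __name__ == "__main__":
    # Constructed sample URLs (example.com hosts, fictional 555-01xx numbers).
    samples = [
        "https://support.example.com/search?q=Call%2520support%2520%252B1%2520(800)%2520555-0100",
        "https://shop.example.com/item?id=1234567890123&ref=home",
    ]
    for url in samples:
        print(url, "->", suspicious_params(url) or "clean")
```

Date-time strings can also match the number pattern, so a hit without lure wording deserves lower priority than one with it.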
This scam highlights how cybercriminals are continuously finding new ways to deceive users. Always verify the authenticity of websites and be skeptical of unexpected calls or messages, even if they seem to come from trusted brands. If you’re unsure, contact the company directly using contact details from their official website or customer support.
Stay vigilant, and don’t let scammers catch you off guard!