Tech support scammers are forcing their fake phone numbers into real webpages
- Scammers are using legitimate website to post their malicious ‘tech support’ phone numbers
- It’s called search parameter injection or reflected input vulnerability
- Attackers modify legitimate URLs with dodgy details
Fake tech support scammers are injecting fake phone numbers into legitimate websites, with major companies like Apple, PayPal and Netflix affected by an emerging type of threat that could put customers’ data at risk, experts have warned.
The scam is especially deceptive, because it bypasses the usual security checks that savvy Internet users can make like verifying the web address, but injecting malicious phone numbers onto the official sites.
Online advertising spaces are behind the attack vector, with scammers purchasing Google Ads to pose as major brands.
Watch out for these fake tech support hotlines
Click on the ad might lead to the official site, but the scammers use malicious URL parameters to modify the content displayed on the site – such as displaying fake phone numbers into support sections. Because the browser shows the legitimate domain, users are less likely to be suspicious.
Researchers at Malwarebytes describe the attack as search parameter injection attack – or reflected input vulnerability.
“Once the number is called, the scammers will pose as the brand with the aim of getting their victim to hand over personal data or card details, or even allow remote access to their computer,” the researchers explain.
Other affected sites include HP, Microsoft, Facebook and the Bank of America.
Malwarebytes is urging users to be weary of fake tech support lines by checking if the phone number is embedded into the URL (in which case, it’s almost certainly malicious), searching for unusual and high-pressure terms like ‘Call Now,’ scanning the URL for encoded characters like ‘%20’ (space) and ‘%2B (‘+’) and exercising caution if search results are shown before they’ve entered a search term.
Users can also navigate to the website’s official top-level domain (eg www.apple.com) and find their own way to support, rather than trusting ads – companies don’t typically purchase online ads to sell tech support.
You might also like
Scammers are using legitimate website to post their malicious ‘tech support’ phone numbers It’s called search parameter injection or reflected input vulnerability Attackers modify legitimate URLs with dodgy details Fake tech support scammers are injecting fake phone numbers into legitimate websites, with major companies like Apple, PayPal and Netflix affected…
