
Scammers are actively exploiting websites’ search functionality to insert fake phone numbers and then advertise these URLs on Google. This way, the victims go to the legitimate website but get fraudulent information.
Bank of America, Netflix, Microsoft, and other websites are under active exploitation in a novel fraud campaign.
Malwarebytes has shed light on a cybercrime scheme that’s both absurdly simple and genius.
Scammers exploit a simple search feature: if you search for anything on a website, you get a URL that leads to a results page echoing that specific phrase.
“Cybercriminals frequently use fake search engine listings to take advantage of our trust in popular brands, and then scam us,” the report warns.
For example, scammers exploit Netflix’s Help Center search by entering their scam phone number into the search input. They search for their scam number and get a unique link to the resulting page. While that page may not contain any useful information, the scam number still appears on it for visitors.

Then, cybercrooks buy ads that lead to these crafted websites.
“Cybercriminals pay for a sponsored ad on Google pretending to be a major brand. Often, this ad leads people to a fake website. However, in the cases we recently found, the visitor is taken to the legitimate site with a small difference,” Malwarebytes Labs explains.
This type of scam is very dangerous because it leads visitors to legitimate websites.
“Scammers hijack websites of Bank of America, Netflix, Microsoft, and more,” the researchers warn.
Many legitimate websites offer visitors search functionality in their help or support sections. Hackers exploit poisoned search results to target users who look for help online. The first thing the victim sees at the top of the Google results is a sponsored malicious ad. Clicking it leads to the brand’s own poisoned search results page with a scam number.

“Once the number is called, the scammers will pose as the brand with the aim of getting their victim to hand over personal data or card details, or even allow remote access to their computer,” Malwarebytes said.
“In the case of Bank of America or PayPal, the scammers want access to their victim’s financial account so they can empty it of money.”
The researchers warn that many services lack proper sanitization or validation of search queries, making these poisoned pages possible. PayPal, Apple, Microsoft, Facebook, Bank of America, HP, and other websites were found to be susceptible to poisoning techniques.
Users should be extra careful and check the website’s address (URL) for suspicious terms, such as “Call Now,” “Account suspended,” “Emergency support,” phone numbers, and lots of encoded characters. Verify that the website is an actual support page and not just a search results page.
Don’t trust search results blindly, as they can be poisoned using SEO manipulation and malware. In-browser warnings may alert about known scams, but cybercrooks are quick to adapt their links, ads, and other techniques.
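As an added illustration of the URL checks described above (not code from Malwarebytes or from this article), the script below inspects a search-results URL for the indicators listed: a phone number or scam phrase in the search term, and layered percent-encoding that hides the term from a glance. The hostnames, the 555 phone number, and the phrase list are constructed sample values.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Indicators drawn from the article's advice; the phrase list is a constructed, non-exhaustive sample.
SCAM_PHRASES = ("call now", "account suspended", "emergency support", "toll free", "helpline")
# North-American-style numbers, with or without separators; a heuristic, so expect some false positives.
PHONE_RE = re.compile(r"(?:\+?\d{1,2}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
SEARCH_KEYS = {"q", "query", "search", "s", "term", "keyword", "searchterm"}

def fully_decode(value, max_rounds=5):
    """Undo layered percent-encoding; return (plain text, number of decode rounds needed)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def search_terms(url):
    """Yield the still-encoded values of search-style query parameters, then the path."""
    parts = urlsplit(url)
    for pair in parts.query.split("&"):
        key, _, value = pair.partition("=")
        if unquote_plus(key).lower() in SEARCH_KEYS:
            yield "query", value
    yield "path", parts.path

def assess_search_url(url):
    """Describe why a URL looks like a poisoned search page; an empty 'reasons' list means nothing suspicious."""
    search_page, reasons = False, set()
    for where, raw in search_terms(url):
        search_page |= where == "query"  # a search-results page is not a real support article
        text, rounds = fully_decode(raw)
        if PHONE_RE.search(text):
            reasons.add(f"phone number in {where}")
        for phrase in SCAM_PHRASES:
            if phrase in text.lower():
                reasons.add(f"scam phrase in {where}: {phrase}")
        # Two or more decode rounds, or a dense run of %XX escapes, hides the term from the reader.
        if rounds >= 2 or raw.count("%") >= 8:
            reasons.add(f"heavy percent-encoding in {where}")
    return {"search_page": search_page, "reasons": sorted(reasons)}

# Constructed sample URLs (example.com hosts, fictitious 555 phone number).
SAMPLES = {
    "poisoned": "https://help.example.com/search?q=Account+suspended%3A+call+now+1-800-555-0100",
    "double_encoded": "https://support.example.com/s?query=%2531-800-555-0100",
    "clean": "https://help.example.com/articles/reset-your-password",
}

if __name__ == "__main__":
    for label, url in SAMPLES.items():
        print(label, "->", assess_search_url(url))
```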