A new and sophisticated scam is targeting Google Search users looking for tech support, according to researchers at Malwarebytes. Scammers are buying sponsored ads that lead to the official websites of major brands like Apple, PayPal, and Microsoft. However, they use a clever trick to inject their own fake phone number onto the real page, luring unsuspecting victims into calling them directly to steal money and personal data.
How the Deceptive Scam Fools Unsuspecting Users
This scam begins with a simple Google search for a support number. A user might click on a top sponsored result, believing it to be a legitimate link from a trusted company.
The link then takes the user to the actual, official support page of the brand they were searching for. The URL in the browser bar is correct, the design is perfect, and everything appears secure. This is what makes the attack so effective; it doesn’t rely on a poorly made clone website that might raise suspicion.
The trick lies in what researchers call a “search parameter injection attack.” The scammer embeds their fake phone number in the search query that the ad’s URL passes to the brand’s website. When the user clicks the link, the website’s own internal search function runs that query, and the page’s results code echoes the scammer’s number back onto the genuine page, often overlaying or replacing the real contact information.
The High Stakes of Calling a Fake Number
Once a victim calls the fraudulent number, they are connected with a scammer posing as a helpful support agent. The agent will often create a sense of urgency, claiming there is a serious problem with the user’s account or device.
They might ask the user to download remote access software, such as AnyDesk or TeamViewer, giving the scammer full control of their computer. From there, the potential for damage is enormous. Attackers could:
- Drain funds directly from bank accounts.
- Install ransomware to lock the user’s files and demand payment.
- Steal sensitive personal information like passwords, emails, and private photos.
All of this damage starts from one phone call to a number that looked legitimate because it was on an official website.
Major Brands Impersonated in a Widespread Campaign
This is not a small-scale operation targeting obscure services. The campaign is widespread and impersonates some of the biggest companies in the world. The trust that users have in these brands is the primary weapon the scammers use against them.
Malwarebytes found fake ads and injected numbers for a long list of household names, including:
- Apple
- Microsoft
- PayPal
- Netflix
- Bank of America
- HP
Because users don’t expect to see fraudulent information on a site like Apple.com or PayPal.com, they are less likely to question the details they see, which makes this scam particularly dangerous.
How to Spot and Avoid this Sophisticated Trap
While these fake ads are designed to look real, there are several red flags you can watch for to protect yourself from this tech support scam. Security researchers suggest paying close attention to the details before you click or call.
The most obvious giveaway is seeing a phone number directly in the website’s URL in your browser’s address bar. Official sites rarely, if ever, display contact information this way. You should also be cautious if a support page shows you search results for a query you never typed in.
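The red flag above (a phone number riding in the address bar’s query string) can be checked automatically; the following is an added example, not code from the article or from Malwarebytes, and its URLs, parameter names and thresholds are constructed assumptions:

```javascript
// Flag URLs whose query parameters carry a phone-number-like value, the
// pattern used when a sponsored ad injects a fake number into a brand's
// own search page. Added example; sample URLs below are constructed.

// After separators are stripped, 10 to 15 digits (E.164 allows up to 15),
// optionally preceded by "+". Long numeric IDs can also match; review hits.
const PHONE_DIGITS = /^\+?\d{10,15}$/;

// Collapse the separators used to break a number up, so that
// "1 (800) 555-0100" becomes "18005550100".
function normalizeDigits(text) {
  return text.replace(/[\s().\-\u00a0]/g, "");
}

// Returns one {param, number} entry per phone-number-like token found in
// the URL's query string, or an empty array if the URL looks clean or is
// not a parsable absolute URL.
function findPhoneNumbersInQuery(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return [];
  }
  const hits = [];
  // searchParams already percent-decodes values and turns "+" into spaces,
  // so encoded numbers ("%2B44%2020...") are seen in their plain form.
  for (const [key, value] of url.searchParams) {
    // Split on anything that is not a digit, "+", or an in-number
    // separator, then test each remaining token.
    const tokens = value.split(/[^\d+\s().\-\u00a0]+/);
    for (const token of tokens) {
      const digits = normalizeDigits(token);
      if (PHONE_DIGITS.test(digits)) {
        hits.push({ param: key, number: digits });
      }
    }
  }
  return hits;
}

// Constructed sample: a brand's real search page, with a number injected
// into the query the way the ad's link would pass it.
const sample =
  "https://support.example.com/search?q=apple+support+call+1-800-555-0100+now";
console.log(findPhoneNumbersInQuery(sample));
```

Run it against the landing URL of any sponsored support result before trusting a number shown on the page; a non-empty result means the number came in through the URL, not from the site.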
Here are a few more tips to stay safe:
- Be wary of urgent language in ads or on the page, such as “call now for emergency help.”
- Heed any warnings your browser displays about a potentially unsafe link or ad.
- Always verify a support number. Check it against a number listed inside the company’s official app, on a product box, or in a previous email you know is legitimate.
If a number you find through a search ad doesn’t match an official source, do not call it.