Scammers' New Weapon: Google Ads

Beware: a new phishing campaign is under way, and it is remarkably well crafted. Researchers at Malwarebytes have caught scammers injecting fake support phone numbers into the official websites of companies such as Apple, PayPal, Microsoft, and Netflix.

Fraudulent numbers on official websites

Scammers are buying ads that appear at the top of Google search results. These point to legitimate sites (like apple.com or microsoft.com), but use parameters appended to the URL—invisible in the ad—to inject misleading information into the page loaded by the user.

Google requires an ad to display the official domain name it redirects to, but it also allows parameters to be appended after the domain name, and those parameters do not have to be visible. Scammers simply add a string inviting the user to call a number for help, and that number then appears as if the company itself had provided it.

Pages modified in this way are very difficult to distinguish from the real thing: "If I showed this page to my parents, I don't think they would know it was fake," warns Jérôme Segura, principal analyst at Malwarebytes. The victim therefore thinks they are calling Apple or Microsoft, but on the other end of the line, a scammer is trying to extract banking information or even remote access to the computer.

The technique works in most browsers and for a time even affected Malwarebytes' own site, until the company put specific filtering in place. So far only Google's ad placements are known to be affected, but it cannot be ruled out that other ad networks are vulnerable to a similar attack.

"The site does not differentiate between a normal request and a predefined request injected by a scammer," explains the specialist. Of course, you still have to call the infamous number to fall for it, but users in a hurry, distracted, or those with visual or cognitive impairments remain particularly at risk. Malwarebytes recommends not clicking on Google ads and instead focusing on so-called "organic" results in search engines, which are less likely to have been hijacked.
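The kind of filtering a site can add before it echoes a URL parameter back onto the page, as an added illustration that is not code from the article or from Malwarebytes: the unsafe renderer reflects whatever arrived in a hypothetical `q` search parameter, while the hardened one escapes it and refuses to display values that combine a phone number with a "call support" lure. The patterns and sample URLs are constructed for this example.

```javascript
// Added example (not from the article or Malwarebytes): a defensive check applied
// before a site reflects a URL query parameter (here a hypothetical ?q=...) into
// its own page. Echoing the parameter verbatim is what lets an ad-injected string
// look like official site content. Patterns and thresholds are constructed.

const PHONE_RE = /(?:\+?\d[\s().-]*){7,}/;   // seven or more digits with usual separators
const LURE_RE = /\b(call|dial|phone|helpline|support|toll[\s-]?free)\b/i;
const MAX_REFLECT_LEN = 100;                  // a genuine search term is rarely this long

// True when a parameter value reads like a tech-support lure rather than a search term:
// overly long, or a phone number paired with "call/support"-style wording.
function looksLikeSupportLure(value) {
  if (value.length > MAX_REFLECT_LEN) return true;
  return PHONE_RE.test(value) && LURE_RE.test(value);
}

// Escape HTML metacharacters so the reflected value can only ever be plain text.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Unsafe rendering: whatever came in the URL ends up on the page as-is.
function renderHeadingUnsafe(url) {
  const q = new URL(url).searchParams.get('q') ?? '';
  return `<h1>Results for: ${q}</h1>`;
}

// Hardened rendering: escape the value and fall back to a generic heading
// when the parameter looks attacker-chosen, so nothing misleading is displayed.
function renderHeadingSafe(url) {
  const q = (new URL(url).searchParams.get('q') ?? '').trim();
  if (q === '' || looksLikeSupportLure(q)) {
    return '<h1>Search results</h1>';
  }
  return `<h1>Results for: ${escapeHtml(q)}</h1>`;
}
```

A real deployment would log the rejected value for the abuse team rather than silently dropping it, since the rejected strings are the evidence of the campaign.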

Source: Malwarebytes