It’s reasonable to assume that if you reach out to tech support from a legitimate help website, you’ll be speaking with a real customer service representative. However, scammers are hijacking pages belonging to companies like Netflix, PayPal, and Apple with the goal of stealing your information or gaining remote access to your device.
Malwarebytes Labs has identified a tech support scam that uses malicious URLs to embed fake phone numbers within legitimate site searches. Here’s how to identify and avoid falling victim to this attack.
How scammers are hijacking customer support pages
This scam begins, as many do, with a sponsored ad on Google. If you search for a company’s tech support phone number, you may see several (fake) results near the top of the page. Often, clicking these links will take you to a fake phishing website that you can identify by checking the URL, but in some cases, you’ll actually land on the legitimate support page with little cause for suspicion.
However, the number displayed may be fraudulent, and if you call, you’ll reach scammers rather than tech support. This type of attack allows cybercriminals to embed phone numbers within an authentic site, where they are prominently displayed. Once on the phone, scammers will request login credentials, financial account information, or even remote access to your device.
Because the URL is legitimate and the page layout authentic, you may not think twice about calling the number. Malwarebytes has found this attack on sites that include Netflix, PayPal, Apple, Microsoft, Facebook, Bank of America, and HP.
Red flags for hijacked tech support sites
Now that you know that this scam is possible, there are a few signs to watch for. First, check your browser’s address bar. There is likely a phone number with lots of encoded characters (%20 or %2B) and/or text like “call now” or “emergency support” in the URL. If the website shows search results and you didn’t enter a search term in the on-page search bar, it may be a scam. As always, any language that sounds urgent should also raise suspicion.
Unfortunately, this isn’t the only way that scammers can impersonate legitimate companies. With call spoofing , fake calls can appear to come from real, known numbers, so if you receive a call back from “tech support” and google the number, it’ll show up as the actual company support line. If anything feels off—there’s a sense of urgency or the caller asks for personal information or requests access to your device—hang up.
To avoid this, look for company phone numbers by navigating directly to the home page or checking official social media channels. You can also look for contact information in past communication from the company or by logging into your account. Do not rely on search results.
