Cybercriminals are using search engine ads and legitimate brand websites to trick users into calling fake support lines. Learn how to spot this new scam.
Scammers Hijack Search Listings to Target Major Brands
In a cunning new twist on online fraud, cybercriminals are using Google search ads and legitimate websites to trick users into calling fake support numbers. Brands like Bank of America, Netflix, Microsoft, Apple, and PayPal are among the latest targets, according to a report by cybersecurity firm Malwarebytes.
How the Scam Works
This scam uses a method called “search parameter injection.” When a user clicks a sponsored ad on Google for a well-known brand, they are redirected to the brand’s official website—but with one alarming modification. The website’s internal search bar appears to show a tech support phone number, inserted through manipulated URL parameters.
Unsuspecting users see a real, secure site and believe the support number is legitimate. When they call, they are connected to scammers posing as the company’s support team. These fraudsters then try to extract sensitive data such as personal details or payment information, or even to gain remote access to the user’s computer.
Why It's So Dangerous
Unlike typical phishing attacks that redirect users to fake websites, this tactic is more deceptive because users never leave the legitimate brand's domain. The scam capitalises on a user’s trust in the site they see in their browser’s address bar.
Malvertising on the Rise
This tactic is a sophisticated form of "malvertising"—malicious advertising embedded in search engine ads. Malwarebytes reports a 41% increase in malvertising in the US between July and September 2024. Most of these scams originate from countries like Vietnam and Pakistan, which are also hotspots for “pig butchering” romance scams and SMS-based fraud.
How to Spot and Avoid the Scam
- Check for strange characters: Scam URLs may contain percent-encoded characters like "%20" (an encoded space) or "%2B" (an encoded plus sign).
- Beware of urgent language: Messages urging users to “Call Now!” or promising immediate help are red flags.
- Look at the search bar: If a phone number appears in the site’s search bar before you type anything, it's likely a scam.
- Never call numbers from unverified ads: Always go directly to the official website and find support numbers listed there.
- Use ad blockers or anti-malvertising tools: Browser extensions like Malwarebytes Browser Guard can help detect and block suspicious ads.
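The first three checks above can be automated over ad landing URLs or web proxy logs. The following is an added example, not code from the original article or from Malwarebytes: it decodes each query parameter and flags values that carry a phone number, noting whether urgent wording accompanies it. The function name, regular expressions and sample URLs (example.com, 555-01xx numbers) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Heuristic patterns (assumptions for this example; tune them for your own traffic).
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?\d{1,3}[\s.\-]?)?\(?\d{3}\)?[\s.\-]?\d{3}[\s.\-]?\d{4}(?!\d)"
)
URGENT_RE = re.compile(r"\b(call\s+(us\s+)?now|helpline|support|toll[\s\-]?free)\b", re.I)


def inspect_url(url):
    """Return one finding per query parameter whose decoded value holds a phone number."""
    findings = []
    parts = urlsplit(url)
    # parse_qsl percent-decodes values, so %20, %2B and '+' become readable text.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        phone = PHONE_RE.search(value)
        if not phone:
            continue
        findings.append({
            "host": parts.hostname,            # the real brand domain the user lands on
            "param": name,                     # the parameter reflected into the page
            "decoded": value,                  # what the visitor sees in the search bar
            "phone": phone.group(0).strip(),
            "urgent": bool(URGENT_RE.search(value)),
        })
    return findings


# Constructed sample URLs, not taken from any real campaign.
SAMPLES = [
    "https://www.example.com/search?q=Call%20Now%20%2B1-800-555-0100%20Support",
    "https://www.example.com/search?q=wireless%20headphones&page=2",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        hits = inspect_url(sample)
        print("SUSPICIOUS" if hits else "ok", sample)
        for hit in hits:
            print("   ", hit["param"], "=>", hit["decoded"], "| urgent:", hit["urgent"])
```

A long numeric identifier in a parameter can also match the phone pattern, so treat a hit without urgent wording as a lead to review rather than a verdict.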
Protect Yourself and Report Scams
If you’ve called a fake number or shared any sensitive information, take immediate steps:
- Disconnect your device from the internet and run a malware scan.
- Change passwords for all important accounts.
- Contact your bank to monitor or freeze your accounts.
- Report the incident to Scamwatch and the brand being impersonated.
As scammers get more sophisticated, it’s vital to stay informed and vigilant. Trust only verified sources for customer support—and never let your guard down, even on a legitimate site.