Scams that display fake phone numbers on official websites are confirmed on Microsoft, Apple, Netflix, etc.

A common piece of advice for avoiding online scams is to check the address bar to confirm that the site is official. However, research has revealed that this check does not fully protect against a scam that displays a fake phone number on the official site itself.
Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone number | Malwarebytes
Address bar shows hp.com. Browser displays scammers' malicious text anyway. - Ars Technica
https://arstechnica.com/security/2025/06/tech-support-scammers-inject-malicious-phone-numbers-into-big-name-websites/
The attackers who carry out this scam first purchase Google ads that appear at the top of Google search results. In Japanese, these are ad spaces that are labeled 'Sponsored.'

Google requires that links displayed in ads use official domains, but does not restrict the addition of parameters to those links. Attackers exploit this by appending parameters that display a phone number of their choosing to links to well-known sites, then running those links as ads.
When this link is accessed, the official website will be displayed, and a fake phone number such as 'Please call: ____' will be displayed in the search box on the official website. Since the phone number is displayed along with the same URL as the official website, users searching for support may call without any suspicion.

According to an investigation by security firm Malwarebytes, the above technique was confirmed on the sites of Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal. Malwarebytes itself was also a victim of this attack, but protected itself by setting up a filter that removes invalid parameters.
Netflix reported that the search results displayed titles that would lead consumers to phone support, as shown below. Google ads do not display parameters, and only show https://www.netflix.com, so consumers may click without suspicion.

When accessed, the Netflix help page opens and displays the results of the search term 'Call: ____.' The help page and search results are real, but the search terms are fake and inserted by the attacker.

Here's what the website looks like. The search term for the product is 'Call me.' However, it says '4 results,' which seems a bit suspicious.
Malwarebytes said Apple was the 'hardest to determine if it was fake' because it didn't show anything in the search results and seemed to prompt users to call.

'The security flaw here is that when you visit a URL and run a search query against a company's website, the website has no way of knowing if it's a legitimate query or not. It can only output the results for the query you typed in,' said Jerome Segura of Malwarebytes.
As a countermeasure, it is important to check whether there are any parameters containing phone numbers at the end of the URL, whether the parameters contain encoded characters such as %20 (a space) or %2B (a symbol), and whether there are any suspicious search terms such as 'Call now' or 'Emergency support' in the browser's address bar.
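
The URL checks listed above, written out as an added example that is not part of the original article or of Malwarebytes' tooling: it decodes each query parameter the way the site would echo it and reports phone-number-like text, call-to-action phrases, and the `%20`/`%2B` encodings. The phrase list, the digit-count heuristic, and the `example.com` links are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Phrases quoted in the article; the list is an assumption to extend per site.
PHRASES = ("call now", "emergency support", "please call", "call:")
# Heuristic: 10 to 15 digits with optional separators, not a dialing-plan validator.
PHONE_RE = re.compile(r"(?<!\d)\+?\d(?:[\s().-]*\d){9,14}(?!\d)")
ENCODED_RE = re.compile(r"%20|%2B", re.IGNORECASE)


def inspect_url(url):
    """Return {parameter: [reasons]} for query parameters worth a second look."""
    findings = {}
    for pair in filter(None, urlsplit(url).query.split("&")):
        name, _, raw = pair.partition("=")
        text = unquote_plus(raw)  # the text the site will echo on the page
        reasons = []
        if PHONE_RE.search(text):
            reasons.append("phone number")
        if any(p in text.lower() for p in PHRASES):
            reasons.append("suspicious phrase")
        if ENCODED_RE.search(raw):
            reasons.append("encoded characters")
        if reasons:
            findings.setdefault(unquote_plus(name), []).extend(reasons)
    return findings


def is_suspicious(url):
    """Encoded characters alone are common in honest searches, so require more."""
    return any(r != "encoded characters"
               for reasons in inspect_url(url).values() for r in reasons)


# Constructed sample links; example.com and the 555 number are placeholders.
SAMPLES = [
    "https://help.example.com/search?q=Call%20Now%20%2B1%20800%20555%200100",
    "https://help.example.com/search?q=reset%20password",
    "https://help.example.com/search?q=billing+history&lang=en",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(is_suspicious(link), inspect_url(link), link)
```

The same function can back a server-side filter that drops or ignores a search parameter before the page echoes it, which is the kind of parameter filtering the article says Malwarebytes applied to its own site.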
Posted by log1p_kr