Cyber scammers are using search engine listings to dupe Bank of America, Netflix, and Microsoft customers into calling fake customer support numbers.
According to a new report from Malwarebytes, cybercriminals will pay for a sponsored ad on Google pretending to be a major brand. But rather than trying to trick users into heading to a fake website, the visitor is instead taken to the brand’s legitimate website, with a small but dangerous difference.
In the website’s search bar, hijackers will display their fraudulent IT support number using a technique the researchers call “search parameter injection.” Once the unsuspecting user calls the number, the scammers will pose as the brand to try and get the victim to hand over personal data or card details, or even enable remote access to their computer.
Other major brands found to be targeted by these types of scams include PayPal, Apple, Facebook, and HP.
These types of dirty tactics can be extremely hard to spot, because users see the legitimate Netflix URL in their address bar as well as the real site that they are trying to visit (which is otherwise totally identical).
Malwarebytes advises users to watch out for key giveaways like urgent language (“Call Now!”) as well as a website’s search bar displaying text before you type any in.
The researchers also advise users to keep an eye out for lots of encoded characters accompanying the support number, like “%20 (space)” and “%2B (+ sign).” Though this particular strain of scam seems to have appeared relatively recently, “malvertising,” where fraudsters try and hide malicious content in paid search results, has been booming for years.
Instances of malvertising in the US increased 41% from July to September of 2024, as per Malwarebytes. Researchers estimate 90% of “malvertising” scammers reside in South and Southeast Asian countries like Vietnam and Pakistan, the same regions where we’ve seen “pig butchering” romance scams and numerous creative SMS text message scams originate in recent years, driven by rapidly improving digital infrastructure.
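The giveaways Malwarebytes lists (a search box filled in before the user types, a phone number, urgent wording, and runs of encoded characters such as %20 and %2B) can be checked mechanically on a landing URL taken from an ad click or proxy log. The following is an added example, not code from Malwarebytes or from the article; the regular expressions, the 10-digit threshold, the function name and the sample URLs on example.com are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumed heuristics: a phone number is a run of at least 10 digits that may
# contain spaces, dots, dashes or parentheses, with an optional leading "+".
PHONE_RE = re.compile(r"\+?\d[\d\s().\-]{8,}\d")
URGENT_RE = re.compile(r"\b(call\s+now|call\s+us|helpline|toll[\s-]*free)\b", re.I)
ENCODED_RE = re.compile(r"%[0-9A-Fa-f]{2}")


def inspect_landing_url(url):
    """Return one finding per query parameter whose decoded value holds a phone number."""
    findings = []
    for pair in urlsplit(url).query.split("&"):
        name, _, raw = pair.partition("=")
        # Percent-decode the value: %20 becomes a space and %2B becomes "+".
        decoded = unquote_plus(raw)
        match = PHONE_RE.search(decoded)
        if not match or len(re.sub(r"\D", "", match.group())) < 10:
            continue
        findings.append({
            "param": name,
            "decoded": decoded,
            "phone": match.group(),
            "urgent_language": bool(URGENT_RE.search(decoded)),
            "encoded_chars": len(ENCODED_RE.findall(raw)),
        })
    return findings


# Constructed sample URLs; the phone number is from the fictional 555-01xx range.
SAMPLES = [
    "https://www.example.com/search?q=Call%20Now%20%2B1%20800%20555%200199%20Support",
    "https://www.example.com/search?q=stranger%20things%20season%204",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample)
        for finding in inspect_landing_url(sample):
            print("  suspicious parameter:", finding)
```

Long numeric values such as order or tracking IDs also match the phone pattern, so treat a finding as a prompt for review, with the urgent-language flag and the encoded-character count as supporting signals.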
About Will McCurdy
Contributor
