
Netflix, Microsoft, and Bank of America websites hijacked by scammers

by Yadullah Abidi

Tech support scammers are planting their own phone numbers on the genuine websites of popular brands including Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal. Customers who search for help are shown a scammer's number where they expect the brand's legitimate customer support line, and are redirected to the scammers when they call it.

The scam was spotted by Malwarebytes' senior director of research, Jérôme Segura. It begins with the scammers paying for a sponsored ad on Google that impersonates a popular brand. Usually, such fake ads redirect users to entirely fake websites. In this scam, the destination is the legitimate website, and the browser's address bar shows the legitimate site's URL. Only the information a visitor sees on the page is fake: the ad's link opens the brand's own search page with a query that contains the scammer's phone number, and the page reflects that text back in what resembles an official search result.

Depending on the site, the exact modus operandi of the scam can differ. A Malwarebytes report on the scam says that on the Bank of America and PayPal websites the scammers pose as the brand and try to get the victim to hand over personal data or card details. The technique also varies with how each company's legitimate website behaves. In the case of Netflix, attackers are able to get away with the scam because Netflix's search functionality "blindly reflects whatever users put in the search query parameter without proper sanitization or validation."
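To make the reflection concrete, here is an added example: a toy search-results renderer that echoes the query parameter the way the article describes, beside a hardened version. This is not Netflix's code and not from the Malwarebytes report; the CATALOG, the CSS class names, the 64-character cap and the sample query are constructed for illustration, and the phone number is a fictional 555 number.

```javascript
// Added example, not Netflix's code and not from the Malwarebytes report.
// CATALOG, class names, MAX_QUERY_LENGTH and the sample query are constructed.
const CATALOG = ["Stranger Things", "The Crown", "Black Mirror"];
const MAX_QUERY_LENGTH = 64; // assumed cap; a very long "query" is itself a tell

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function findHits(query) {
  const needle = query.trim().toLowerCase();
  return needle ? CATALOG.filter((t) => t.toLowerCase().includes(needle)) : [];
}

// Vulnerable: the raw ?q= value is echoed as the first "result" row on the
// brand's own domain. HTML-escaping prevents XSS but does nothing against this
// scam, because a phone number is harmless text that simply reads as official.
function renderResultsVulnerable(query) {
  const rows = [query, ...findHits(query)]
    .map((text) => `<li class="result">${escapeHtml(text)}</li>`);
  return `<ul class="results">${rows.join("")}</ul>`;
}

// Hardened: only catalog entries become result rows. The visitor's text is
// truncated and escaped and appears only inside the search box, where people
// expect to see what they typed, never styled as a result the site produced.
function renderResultsHardened(query) {
  const q = query.slice(0, MAX_QUERY_LENGTH);
  const box = `<input type="search" name="q" value="${escapeHtml(q)}">`;
  const hits = findHits(q);
  if (hits.length === 0) return `${box}<p class="empty">No results found.</p>`;
  const rows = hits.map((t) => `<li class="result">${escapeHtml(t)}</li>`);
  return `${box}<ul class="results">${rows.join("")}</ul>`;
}

// The kind of text a scam ad's destination URL would carry in ?q= (constructed).
const INJECTED_QUERY = "Customer Support Call Now +1 800 555 0199";
console.log(renderResultsVulnerable(INJECTED_QUERY));
console.log(renderResultsHardened(INJECTED_QUERY));
```

The point of the hardened renderer is not the escaping (the vulnerable one escapes too) but that nothing the visitor sends ever becomes a result row: an empty search gets a fixed "No results found." message instead of an echo of the query.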

[Image: Legitimate Netflix website with a fake phone number in the search results. Source: Malwarebytes]

The scam is highly effective because the user sees the legitimate URL and the legitimate website in their browser, and the fake numbers appear in what look like official search results. Malwarebytes has dubbed this a "search parameter injection attack," since the scammers craft malicious URLs that embed their fake numbers into a genuine site's search functionality.

The most obvious tells of such an attack are a phone number in the URL and encoded characters such as %20 (space) and %2B (plus sign) surrounding the digits. A website that shows search results before you have typed anything, or that uses urgent call-to-action language pressing you to call a number, is another warning sign that the number is not genuine.
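The tells above can be checked mechanically before a link is opened. The following is an added example, not from the article or from Malwarebytes, that scores a URL's search parameters for a phone number, %20/%2B encoding and call-to-action wording. The list of search-parameter names, the phone-number pattern, the urgency keywords, the "number plus one more tell" threshold and the sample URLs are assumptions constructed for illustration; the phone numbers are fictional 555 numbers.

```javascript
// Added example, not from the article or from Malwarebytes. Parameter names,
// regexes, threshold and sample URLs are assumptions constructed for illustration.

// Query-parameter names commonly wired to a site's search feature (assumed list).
const SEARCH_PARAM_NAMES = new Set(["q", "query", "search", "s", "keyword", "term"]);

// Loose North-American-style number: optional +1, then 3-3-4 digits separated by
// spaces, dots, dashes or parentheses. Tuned to the article's tells, not a
// general phone-number grammar.
const PHONE_RE = /(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}/;
const URGENCY_RE = /\b(call|dial|contact|phone)\b[^.]*\b(now|immediately|urgent(?:ly)?|toll[- ]?free|24\/7)\b/i;
const ENCODED_RE = /%20|%2B/i; // encoded space / plus sign, as seen in the address bar

function decodeQueryValue(raw) {
  try {
    return decodeURIComponent(raw.replace(/\+/g, " ")); // a bare '+' means space in a query string
  } catch {
    return raw; // malformed percent-encoding: fall back to the raw text
  }
}

function analyzeSearchUrl(urlString) {
  const url = new URL(urlString);
  const flags = { phone: false, encoded: false, urgency: false };
  const hits = [];
  // url.search keeps the percent-encoding, so %20 and %2B are still visible here.
  for (const pair of url.search.replace(/^\?/, "").split("&")) {
    if (!pair) continue;
    const eq = pair.indexOf("=");
    const rawName = eq < 0 ? pair : pair.slice(0, eq);
    const rawValue = eq < 0 ? "" : pair.slice(eq + 1);
    if (!SEARCH_PARAM_NAMES.has(decodeQueryValue(rawName).toLowerCase())) continue;
    const value = decodeQueryValue(rawValue);
    if (PHONE_RE.test(value)) { flags.phone = true; hits.push(`phone number in "${rawName}"`); }
    if (ENCODED_RE.test(rawValue)) { flags.encoded = true; hits.push(`%20/%2B encoding in "${rawName}"`); }
    if (URGENCY_RE.test(value)) { flags.urgency = true; hits.push(`call-to-action wording in "${rawName}"`); }
  }
  // A phone number alone is weak evidence (people do search for numbers);
  // a number plus another tell is the pattern the article describes.
  return { host: url.hostname, flags, hits, suspicious: flags.phone && (flags.encoded || flags.urgency) };
}

// Constructed samples: the second has the shape of a scam ad's destination URL.
const BENIGN_URL = "https://www.example.com/search?q=stranger+things";
const CRAFTED_URL = "https://www.example.com/search?q=Customer%20Support%20Call%20Now%20%2B1%20800%20555%200199";
console.log(analyzeSearchUrl(BENIGN_URL));
console.log(analyzeSearchUrl(CRAFTED_URL));
```

The check only sees the URL, so it cannot catch the last tell in the paragraph above (results appearing before anything is typed); that one still needs a human, or a browser extension, looking at the rendered page.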


Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
