
You Must Never Call These Numbers On Your Smartphone

We are now being repeatedly warned that legitimate infrastructure is being hijacked by attackers. This includes spoofed Google support addresses, Gmail passwords and even federal agency phone numbers. Now there’s another such attack to beware of.

Malwarebytes warns that scammers are crafting malicious search engine results that link to legitimate sites, such as Netflix or Microsoft, but then open a webpage that includes a search box with a dangerous phone number inserted.


The team says this could be called “a search parameter injection attack, because the scammer has crafted a malicious URL that embeds their own fake phone number into the genuine site’s legitimate search functionality.”

If you call the number, the handler will pretend to represent the brand you called from, “with the aim of getting their victim to hand over personal data or card details, or even allow remote access to their computer.” If that brand is a financial firm such as PayPal or Bank of America, scammers will try to empty accounts.

Malwarebytes says users should watch for these red flags:

  • “A phone number in the URL
  • Suspicious search terms like ‘Call Now’ or ‘Emergency Support’ in the address bar of the browser
  • Lots of encoded characters like the %20 (space) and %2B (+ sign) along with phone numbers
  • The website showing a search result before you entered one
  • The urgent language (Call Now, Account suspended, Emergency support) displayed on the website
  • An in-browser warning for known scams (don’t ignore this).”
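
The URL-based red flags in the list above can be checked mechanically, for instance over proxy or browser-history logs. The sketch below is an added example, not Malwarebytes' code; the phrase list, the digit-count range, the encoding threshold and the sample URLs are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Illustrative phrase list and thresholds (assumptions, tune for your traffic).
URGENT = re.compile(r"call\s*now|emergency\s*support|account\s*suspended", re.I)
# 10 to 15 digits, optionally split by spaces, dots, dashes or parentheses.
PHONE = re.compile(r"(?<!\d)\+?\(?\d(?:[\s().-]*\d){9,14}(?!\d)")
ENCODED = re.compile(r"%[0-9A-Fa-f]{2}")
MIN_ENCODED = 4  # "lots of encoded characters" threshold, assumed


def red_flags(url):
    """Return the red flags present in one URL's query string."""
    query = urlsplit(url).query
    flags = set()
    # parse_qsl decodes %XX escapes and turns '+' into a space.
    for _name, value in parse_qsl(query, keep_blank_values=True):
        # A value that is only digits is more likely an ID than a phone number.
        if not value.strip().isdigit() and PHONE.search(value):
            flags.add("phone_number")
        if URGENT.search(value):
            flags.add("urgent_term")
    # Percent-encoding alone is normal; it only counts alongside a phone number.
    if "phone_number" in flags and len(ENCODED.findall(query)) >= MIN_ENCODED:
        flags.add("encoded_with_phone")
    return flags


# Constructed sample URLs (example.com and 555-01xx numbers are placeholders).
SAMPLES = [
    "https://www.example.com/search?q=Call%20Now%20%2B1%20888%20555%200100%20Emergency%20Support",
    "https://www.example.com/search?q=wireless+headphones",
    "https://www.example.com/orders?id=20250618123456",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(sorted(red_flags(u)) or "clean", u)
```

The all-digits check keeps long order or session IDs from being reported as phone numbers, which would otherwise be the main source of false positives.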

This follows another warning this week from Netcraft, that threat actors are “exploiting [search engine] tools to deliver scams more efficiently.” This is fast becoming more industrialized, with “a black market service designed specifically to help adversaries automate their exploitation efforts, often with devastating results.”

While Netcraft says SEO poisoning usually “promotes malicious or fraudulent websites by exploiting the ranking systems of platforms like Google,” in these injection attacks the websites are real, making it much harder for users to immediately detect the threat. The phone numbers can even appear in the search engine results themselves.

What’s interesting is that there has been so much focus from Google, the FBI and others on not responding to proactive technical or account support calls that this puts the onus back on users who are following official advice to find numbers for themselves before contacting any support desk. But adhere to those red flags and you’ll be fine.
