- Scammers use legitimate sites to display their malicious ‘tech support’ phone numbers
- It is called a search parameter injection or reflected input vulnerability
- Attackers alter legitimate URLs with dodgy details
Fake tech support scammers are injecting fake phone numbers into legitimate websites, with major companies such as Apple, PayPal and Netflix affected by a growing type of threat that could put customers’ data at risk, experts have warned.
The scam is particularly misleading because it bypasses the usual security checks that knowledgeable internet users can perform, such as verifying the URL, by injecting malicious phone numbers into the official sites.
Online advertising space is the attack vector: scammers buy Google ads to pose as big brands.
Beware of these fake tech support hotlines
Clicking on the ad may well lead to the official site, but the scammers use malicious URL parameters to change the content displayed on the site, such as displaying fake phone numbers in support sections. Because the browser shows the legitimate domain, users are less likely to be suspicious.
Researchers at Malwarebytes describe the attack as a search parameter injection attack, or reflected input vulnerability.
“Once the number is called, the scammers will pose as the brand for the purpose of getting their victim to provide personal information or card information, or even allow remote access to their computer,” the researchers explain.
Other affected sites include HP, Microsoft, Facebook and Bank of America.
Malwarebytes encourages users to be wary of fake tech support lines by checking whether the phone number is embedded in the URL (in which case it is almost certainly malicious), looking for unusual and high-pressure terms such as ‘call now’, scanning the URL for encoded characters such as ‘%20’ (space) and ‘%2b’ (‘+’), and exercising caution, highlighted a search period.
Users can also navigate to the site’s official top-level domain (eg www.apple.com) and find their own way to the support pages, rather than trusting advertisements, since these companies do not typically buy online ads to sell technical support.
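The URL checks listed above (a phone number in the URL, high-pressure wording, encoded ‘%20’ and ‘%2b’ characters) can be applied automatically to a link before it is opened. The following Python is an added example, not code from Malwarebytes or the article; the phrases other than ‘call now’, the phone-number pattern and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Only "call now" comes from the article; the other phrases are assumed additions.
URGENT_PHRASES = ("call now", "call immediately", "emergency support")
# Candidate phone number: optional '+', then digits mixed with common separators.
PHONE_CANDIDATE = re.compile(r"\+?\d[\d\s().-]{8,20}\d")
ENCODED_CHARS = re.compile(r"%20|%2b", re.IGNORECASE)


def looks_like_phone(text):
    """True if text holds a formatted run of 10-15 digits (assumed phone shape)."""
    for match in PHONE_CANDIDATE.finditer(text):
        run = match.group()
        digits = sum(ch.isdigit() for ch in run)
        # Require a separator or '+' so bare numeric IDs are not flagged.
        if 10 <= digits <= 15 and not run.isdigit():
            return True
    return False


def url_red_flags(url):
    """Return the set of red flags found in the URL's query string and fragment."""
    parts = urlsplit(url)
    # Decoded parameter values ('+' and %20 become spaces, %2B becomes '+').
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    values.append(unquote(parts.fragment))
    flags = set()
    for value in values:
        if looks_like_phone(value):
            flags.add("phone-number-in-url")
        if any(p in value.lower() for p in URGENT_PHRASES):
            flags.add("urgent-wording")
    if ENCODED_CHARS.search(parts.query + parts.fragment):
        flags.add("encoded-space-or-plus")
    return flags


# Constructed sample URLs (example.com and the 555 number are placeholders).
SAMPLES = [
    "https://support.example.com/search?q=Call%20Now%20%2B1%20(800)%20555-0147",
    "https://support.example.com/search?q=reset%20password",
    "https://shop.example.com/orders?id=20240115123456",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sorted(url_red_flags(sample)) or ["no flags"], sample)
```

The second sample raises only the encoded-character flag, which ordinary searches also trigger, so that signal is meaningful mainly when it appears alongside a phone number or urgent wording.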



