HP.com Address Bar Shows Scammers’ Fake Text – Stay Safe!
▼ Summary
– Scammers use Google ads to impersonate legitimate sites like Apple and Microsoft, injecting fake phone numbers into official webpages via appended URL parameters.
– The fake phone numbers appear convincing, making it hard for users, especially vulnerable groups, to recognize the scam.
– Google’s ad policy allows hidden parameters, which scammers exploit to redirect users to legitimate domains while displaying fraudulent content.
– Victims who call the fake numbers are connected to scammers posing as company reps, risking theft of personal or financial information.
– Malwarebytes recommends avoiding Google ad links and using organic search results to prevent falling for such scams.
Cybercriminals are exploiting Google ads to inject fake customer support numbers into legitimate websites like Apple, Microsoft, and HP, putting unsuspecting users at risk of fraud. Security experts warn that these sophisticated scams can easily deceive even tech-savvy individuals, as the malicious links appear completely legitimate in search results.
When victims click on these paid ads, they land on authentic company websites, but hidden parameters in the URL append fraudulent contact details directly onto the page. The fake numbers blend seamlessly into the site’s design, making them nearly indistinguishable from legitimate support lines. According to Jérôme Segura, a malware intelligence analyst at Malwarebytes, many users, especially older adults or those with visual impairments, may not realize they’re being tricked.
Scammers purchase Google ads targeting searches for major brands, ensuring their malicious links appear at the top of results. While Google displays the correct domain (e.g., microsoft.com), it allows additional parameters that aren’t visible in the ad preview. These hidden strings inject fake phone numbers or urgent messages into the webpage after loading. For example, a manipulated URL might display a fraudulent Apple support line, prompting users to call and hand over sensitive information.
Once victims dial the number, they’re connected to fraudsters posing as customer service agents. These criminals often attempt to steal financial details, gain remote access to devices, or drain bank accounts under the guise of resolving fake technical issues. Segura notes that while Google’s ad policies require legitimate domains, the platform doesn’t filter out these malicious parameters, leaving websites vulnerable to abuse.
Malwarebytes has implemented protections to block these scams, but the best defense remains vigilance. Users should avoid clicking on sponsored search results and instead rely on organic listings. If a webpage suddenly displays unfamiliar contact information, verifying it through the company’s official support channels is crucial.
This scam highlights a growing trend of cybercriminals weaponizing trusted platforms. As long as search engines permit unchecked URL parameters, these deceptive tactics will continue to threaten online security. Staying informed and skeptical of unexpected prompts, even on legitimate sites, is key to avoiding financial loss and identity theft.
(Source: Ars Technica)
