When seeking assistance through the official customer support portals of well-known companies, it is natural to expect a genuine service representative on the other end of the line. However, malicious actors are exploiting this trust by taking over the online presence of reputable organizations such as Netflix, PayPal, and Apple, with the intent to swindle your personal data or gain unauthorized access to your devices.

Research conducted by Malwarebytes Labs has uncovered a tech support scam that manipulates URLs to implant deceptive contact numbers within authentic search results. Below are strategies to help identify and steer clear of such fraudulent activities.

Understanding the Hijacking of Customer Support Pages

This type of scam often initiates with a sponsored advertisement displayed in Google search results. If a user searches for the tech support number of a specific company, they may encounter several misleading options at the top of the results page. While some links might direct users to a spoofed phishing site, others could lead to a genuine support page that appears legitimate.

Despite landing on a valid website, the displayed phone number could be false, connecting callers with scammers instead of actual customer support. Cybercriminals cleverly integrate their numbers into authentic sites, making them look legitimate. Once engaged on the phone, these fraudsters may request your login credentials, sensitive financial data, or even seek remote access to your device.

The deceptive nature of these scams is heightened by the genuine appearance of both the URL and the layout of the website, which can easily mislead users into believing they are contacting official support. Malwarebytes has identified this scam affecting well-known companies, including Netflix, PayPal, Apple, Microsoft, Facebook, Bank of America, and HP.

Identifying Warning Signs of Fake Tech Support Websites

Awareness of this scam’s existence is crucial for prevention, and recognizing specific indicators can help safeguard against it. Begin by examining the address bar of your browser for any strange characters or acronyms (such as %20 or %2B) and phrases like “call now” or “emergency support” in the URL. If the webpage displays search results without any input from you, it may indicate a fraudulent site. Always be cautious of language that promotes urgency.

Moreover, scammers utilize techniques such as call spoofing, which makes it possible for them to appear as trusted sources. Hence, a return call from “tech support” could show up as a legitimate company number when searched, further complicating validation. If the conversation feels abnormal, especially with urgent requests for personal details or device access, it is best to terminate the call immediately.

To protect yourself, it is advisable to find official customer support numbers by visiting the company’s homepage directly or checking their verified social media accounts. Reviewing previous communications from the organization or logging into your customer account for contact details is also recommended. Avoid depending on search engine results alone.