  • March 9, 2026

Cybercriminals are finding new ways to trick unsuspecting users into calling fraudulent tech support hotlines. A recent campaign uncovered by security firm Malwarebytes reveals how scammers are manipulating legitimate websites of major companies—including Apple, Microsoft, HP, Facebook, Netflix, Bank of America, and PayPal—to display fake support phone numbers.

How the Scam Works

The attackers purchase sponsored Google ads designed to appear when users search for “24/7 support” for well-known companies. Unlike traditional scams that redirect victims to lookalike phishing sites, these ads instead link to the real company websites—most often help center or shop pages that include search functionality.

Through a technique called search parameter injection, the scammers craft URLs that cause the legitimate page to display their phone number in the site’s search bar or search results.

This makes the scam harder to detect:

  • The browser’s address bar shows the official website, giving a false sense of legitimacy.
  • The fraudulent phone number appears prominently as if it were part of the company’s official support information.
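One way a defender could hunt for this pattern in web proxy or ad-click logs, shown as an added example that is not from Malwarebytes or the original post: parse each URL, look only at search-style query parameters, and flag values that carry a phone number. The parameter names, lure keywords and sample URLs below are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed names of on-site search parameters; adjust to the sites you monitor.
SEARCH_KEYS = {"q", "query", "search", "term", "keyword", "text"}
# 10 to 15 digits with common separators, e.g. +1 (800) 555-0100.
PHONE_RE = re.compile(r"(?<!\d)\+?\d(?:[\s().\-]*\d){9,14}(?!\d)")
# Assumed wording that often accompanies the injected number.
LURE_RE = re.compile(r"\b(call|support|help\s*desk|helpline|customer\s+service|24/7)\b", re.I)

def inspect_url(url):
    """Return one finding per search parameter whose decoded value holds a phone number."""
    findings = []
    # parse_qsl percent-decodes values and turns '+' into spaces.
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if key.lower() not in SEARCH_KEYS:
            continue
        match = PHONE_RE.search(value)
        if match:
            findings.append({
                "host": urlsplit(url).hostname,
                "param": key,
                "phone": match.group(0),
                "lure": bool(LURE_RE.search(value)),  # raises triage priority
            })
    return findings

def flag_urls(urls):
    """Map each suspicious URL to its findings; clean URLs are omitted."""
    return {u: f for u in urls if (f := inspect_url(u))}

# Constructed sample URLs (example.com hosts, fictional 555-01xx numbers).
CONSTRUCTED_URLS = [
    "https://help.example.com/search?q=Call+Support+1-800-555-0100+Now",
    "https://support.example.com/kb/search?term=%2B1%20(888)%20555-0142%20helpline",
    "https://shop.example.com/search?query=usb-c+charger+60w&page=2",
    "https://help.example.com/search?q=order+1234567890123456",
]

if __name__ == "__main__":
    for url, hits in flag_urls(CONSTRUCTED_URLS).items():
        print(url, hits)
```

Site owners can apply the same check server-side to avoid echoing phone-number-like queries back into the search box or results heading.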

What Happens Next

Once a victim calls the fake number, scammers pose as the trusted brand’s support team. Their goals may include:

  • Harvesting personal or financial data
  • Gaining remote access to the victim’s computer
  • Draining bank or PayPal accounts

Jerome Segura, Senior Director of Research at Malwarebytes, warned that while some injected results are easier to spot as fake, others—such as those on Apple and Netflix pages—can appear completely legitimate, making users more likely to fall victim.

Key Takeaway for Businesses and Users

This campaign is another reminder that seeing a trusted brand in your browser address bar does not guarantee safety. Cybercriminals continue to innovate, leveraging weaknesses in legitimate platforms to exploit human trust.

At CSB, we recommend:

  • Always verifying support phone numbers directly from a company’s official contact page (not search results).
  • Training staff to recognize social engineering tactics.
  • Implementing layered cybersecurity defenses that protect against phishing, fraudulent ads, and malicious access attempts.

Staying informed and vigilant remains one of the most effective defenses against evolving cyber threats.
