{"id":530,"date":"2026-03-19T07:01:00","date_gmt":"2026-03-18T21:01:00","guid":{"rendered":"https:\/\/qld.cybersafebusiness.au\/index.php\/2026\/03\/19\/tech-support-scammers-exploit-legitimate-websites-to-trick-users\/"},"modified":"2026-03-19T07:01:00","modified_gmt":"2026-03-18T21:01:00","slug":"tech-support-scammers-exploit-legitimate-websites-to-trick-users","status":"publish","type":"post","link":"https:\/\/qld.cybersafebusiness.au\/index.php\/2026\/03\/19\/tech-support-scammers-exploit-legitimate-websites-to-trick-users\/","title":{"rendered":"Tech Support Scammers Exploit Legitimate Websites to Trick Users"},"content":{"rendered":"<p>Cybercriminals are finding new ways to trick unsuspecting users into calling fraudulent tech support hotlines. A recent campaign uncovered by security firm Malwarebytes reveals how scammers are manipulating legitimate websites of major companies\u2014including Apple, Microsoft, HP, Facebook, Netflix, Bank of America, and PayPal\u2014to display fake support phone numbers.<\/p>\n<h2>How the Scam Works<\/h2>\n<p>The attackers purchase sponsored Google ads designed to appear when users search for \u201c24\/7 support\u201d for well-known companies. Unlike traditional scams that redirect victims to lookalike phishing sites, these ads instead link to the real company websites\u2014most often help center or shop pages that include search functionality.<\/p>\n<p>Through a technique called search parameter injection, the scammers craft URLs that cause the legitimate page to display their phone number in the site\u2019s search bar or search results.<\/p>\n<p>This makes the scam harder to detect:<\/p>\n<ul>\n<li>The browser\u2019s address bar shows the official website, giving a false sense of legitimacy.\n<\/li>\n<li>The fraudulent phone number appears prominently as if it were part of the company\u2019s official support information.\n<\/li>\n<\/ul>\n<h2>What Happens Next<\/h2>\n<p>Once a victim calls the fake number, scammers pose as the trusted brand\u2019s support team. Their goals may include:<\/p>\n<ul>\n<li>Harvesting personal or financial data\n<\/li>\n<li>Gaining remote access to the victim\u2019s computer\n<\/li>\n<li>Draining bank or PayPal accounts\n<\/li>\n<\/ul>\n<p>Jerome Segura, Senior Director of Research at Malwarebytes, warned that while some injected results are easier to spot as fake, others\u2014such as those on Apple and Netflix pages\u2014can appear completely legitimate, making users more likely to fall victim.<\/p>\n<h2>Key Takeaway for Businesses and Users<\/h2>\n<p>This campaign is another reminder that seeing a trusted brand in your browser address bar does not guarantee safety. Cybercriminals continue to innovate, leveraging weaknesses in legitimate platforms to exploit human trust.<\/p>\n<p>At CSB, we recommend:<\/p>\n<ul>\n<li>Always verifying support phone numbers directly from a company\u2019s official contact page (not search results).\n<\/li>\n<li>Training staff to recognize social engineering tactics.\n<\/li>\n<li>Implementing layered cybersecurity defenses that protect against phishing, fraudulent ads, and malicious access attempts.\n<\/li>\n<\/ul>\n<p>Staying informed and vigilant remains one of the most effective defenses against evolving cyber threats.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybercriminals are finding new ways to trick unsuspecting users into calling fraudulent tech support hotlines. A recent campaign uncovered by security firm Malwarebytes reveals how scammers are manipulating legitimate websites [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":529,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[],"tags":[],"class_list":["post-530","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts\/530","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/comments?post=530"}],"version-history":[{"count":0,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts\/530\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/media\/529"}],"wp:attachment":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/media?parent=530"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/categories?post=530"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/tags?post=530"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}