PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Trying to Reach Netflix or Microsoft Support? Watch Out for Fake Numbers

These fake Google search results serve up real websites—but with a dangerous twist.

Will McCurdy
 & Will McCurdy Contributor

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
(Credit: Matthias Balk/Picture Alliance via Getty Images)

Cyber scammers are using search engine listings to dupe Bank of America, Netflix, and Microsoft customers into calling fake customer support numbers.

According to a new report from Malwarebytes, cybercriminals will pay for a sponsored ad on Google pretending to be a major brand. But rather than trying to trick users into heading to a fake website, the visitor is instead taken to the brand's legitimate website, with a small but dangerous difference.

In the website’s search bar, hijackers will display their fraudulent IT support number using a technique the researchers call “search parameter injection.” Once the unsuspecting user calls the number, the scammers will pose as the brand to try and get the victim to hand over personal data or card details, or even enable remote access to their computer.

Other major brands found to be targeted by these types of scams include PayPal, Apple, Facebook, and HP.

Recommended by Our Editors

Passkey-Adoption Report Finds Many Orgs Don't Know How to Quit Passwords
Passkey-Adoption Report Finds Many Orgs Don't Know How to Quit Passwords
Cybercriminals Are Now Coming After Freight Cargo. And They’re Doing a Great Job.
Cybercriminals Are Now Coming After Freight Cargo. And They’re Doing a Great Job.
Remember Digg? Bot Armies Stop the Classic Website Making a Comeback
Remember Digg? Bot Armies Stop the Classic Website Making a Comeback

These types of dirty tactics can be extremely hard to spot, because users see the legitimate Netflix URL in their address bar as well as the real site that they are trying to visit (which is otherwise totally identical).

(Credit: Malwarebytes )

Malwarebytes advises users to watch out for key giveaways like urgent language (“Call Now!”) as well as a website’s search bar displaying text before you type any in.

The researchers also advise users to keep an eye out for lots of encoded characters accompanying the support number, like "%20 (space)" and "%2B (+ sign)." Though this particular strain of scam seems to have appeared relatively recently, "malvertising," where fraudsters try and hide malicious content in paid search results, has been booming for years.

Instances of malvertising in the US increased 41% from July to September of 2024, as per Malwarebytes. Researchers estimate 90% of "malvertising" scammers reside in South and Southeast Asian countries like Vietnam and Pakistan, the same regions where we've seen "pig butchering" romance scams and numerous creative SMS text message scams originate in recent years, driven by rapidly improving digital infrastructure.

About Our Expert

Will McCurdy

Will McCurdy

Contributor

I’m a reporter covering weekend news. Before joining PCMag in 2024, I picked up bylines in BBC News, The Guardian, The Times of London, The Daily Beast, Vice, Slate, Fast Company, The Evening Standard, The i, TechRadar, and Decrypt Media.

I’ve been a PC gamer since you had to install games from multiple CD-ROMs by hand. As a reporter, I’m passionate about the intersection of tech and human lives. I’ve covered everything from crypto scandals to the art world, as well as conspiracy theories, UK politics, and Russia and foreign affairs.

Read the latest from Will McCurdy

Read full bio