Malwarebytes recently reported that it has found scammers hijacking websites of name brands, including banks, software companies, and social media platforms to trick victims into calling a fraudulent telephone number instead of a 24/7 support line.
According to Malwarebytes:
Here’s how it works: Cybercriminals pay for a sponsored ad on Google pretending to be a major brand. Often, this ad leads people to a fake website. However, in the cases we recently found, the visitor is taken to the legitimate site with a small difference.
Visitors are taken to the help/support section of the brand’s website, but instead of the genuine phone number, the hijackers display their scammy number instead.
Once the victim calls the fake number pasted into the ad, the scammers attempt to coerce the victim to provide personal information, financial information, credit card information, or a user name and password to access a financial account.
To identify these scams, Malwarebytes suggests red flags to keep an eye out for:
- A phone number in the URL;
- Suspicious search terms like “Call Now” or “Emergency Support” in the address bar of the browser;
- Lots of encoded characters like the %20 (space) and %2B (+ sign) along with phone numbers;
- The website showing a search result before you entered one;
- The urgent language (Call Now, Account suspended, Emergency support) displayed on the website; and
- An in-browser warning for known scams (don’t ignore this).
Additionally:
[B]efore you call any brand’s support number, look up the official number in previous communications you’ve had with the company (such as an email, or on social media) and compare it to the one you found in the search results. If they are different, investigate until you’re sure which one is the legitimate one.
If during the call, you are asked for personal information or banking details that have nothing to do with the matter you’re calling about, hang up. These are solid steps to follow to prevent being victimized by these scams.
[View source.]
