
Address bar shows hp.com. The browser displays the scammers' malicious text anyway.

    Not the Apple page you're looking for

    "If I the [webpage] for my parents I don't think they could say that this is fake," said Jérôme Segura, lead malware intelligence analyst at Malwarebytes, in an interview. "If the user clicks on those links, you think: 'Oh I am actually on the Apple website and Apple is calling that I call this number.'"

    The unknown actors behind the scam start by buying Google advertisements that appear at the top of the search results for Microsoft, Apple, HP, PayPal, Netflix and other sites. While Google displays only the scheme and host name of the site the advertisement links to (for example, https://www.microsoft.com), the advertisement appends parameters to the right of that address. When a target clicks on the advertisement, it opens a page on the official site. The appended parameters then inject fake telephone numbers into the page the target sees.

    A fake telephone number injected into a Microsoft web page.

    Credit: Malwarebytes


    A fake telephone number injected into an HP web page.

    Credit: Malwarebytes


    Google requires advertisements to display the official domain they link to, but the company allows parameters that are not visible to be appended to the right of it. The scammers take advantage of this by adding strings to the right of the host name. An example:

    /kb/index?page=search&q=☏☏Call%20Us%20%2B1-805-749-2108%20AppIe%20HeIpIine%2F%2F%2F%2F%2F%2F%2F&product=&doctype=&currentPage=1&includeArchived=false&locale=en_US&type=organic

    The parameters are not displayed in the Google advertisement, so a target has no obvious reason to suspect that anything is wrong. When clicked, the advertisement leads to the correct host name. However, the appended parameters inject a fake telephone number into the web page the target sees. The technique works on most browsers and against most websites. Malwarebytes.com was one of the sites affected until recently, when the site started filtering the malicious parameters.
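One way a site could screen reflected search text before echoing it back, shown as an added example that is not Malwarebytes' or any affected site's actual filter. The host name, the list of reflected parameter names and the heuristics are assumptions; the path and query string are the example quoted above.

```python
import re
import unicodedata
from urllib.parse import urlsplit, parse_qsl

# Heuristics below are illustrative assumptions; tune them per site.
PHONE_RE = re.compile(r"(?:\+?\d[\s().-]*){10,15}")       # 10-15 digits with separators
CTA_RE = re.compile(r"\b(call|helpline|hotline|toll[\s-]?free)\b")
PADDING_RE = re.compile(r"[/\\|_*~=-]{4,}")               # filler runs such as "///////"
PHONE_SYMBOLS = set("\u260e\u260f\u2706\U0001F4DE")       # telephone pictographs
REFLECTED_PARAMS = {"q", "query", "search"}               # params the page echoes back

def inspect_query(url):
    """Return the set of lure indicators found in reflected search parameters."""
    found = set()
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name.lower() not in REFLECTED_PARAMS:
            continue
        text = unicodedata.normalize("NFKC", value)
        # Fold capital I to lowercase l so "HeIpIine" reads as "helpline".
        folded = text.replace("I", "l").lower()
        if PHONE_RE.search(text):
            found.add("phone-number")
        if any(ch in PHONE_SYMBOLS for ch in text):
            found.add("phone-symbol")
        if CTA_RE.search(folded):
            found.add("call-to-action")
        if PADDING_RE.search(text):
            found.add("padding")
    return found

def safe_to_reflect(url):
    """True when the search text can be echoed into the results page as-is."""
    return not inspect_query(url)

# Constructed host; path and query are the example from the article.
LURE_URL = ("https://support.example.com/kb/index?page=search&q=☏☏Call%20Us%20"
            "%2B1-805-749-2108%20AppIe%20HeIpIine%2F%2F%2F%2F%2F%2F%2F&product="
            "&doctype=&currentPage=1&includeArchived=false&locale=en_US&type=organic")
# Constructed benign search for comparison.
BENIGN_URL = "https://support.example.com/kb/index?page=search&q=reset+password&locale=en_US"

if __name__ == "__main__":
    for u in (LURE_URL, BENIGN_URL):
        print(sorted(inspect_query(u)), safe_to_reflect(u))
```

A site that gets a non-empty result can show a generic "no results" page instead of echoing the query, and log the request for review.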

    Fake number injected into an Apple web page.

    Credit: Malwarebytes


    “If there is a security error here, it is that when you carry out that URL, that question against the Apple website and the Apple website is unable to determine that this is not a legitimate question,” Segura explained. “This is a preformed question made by a scammer, but [the website is] that cannot find out. So they just spit out of every search that you have.”

    So far, Segura said, he has only seen the scammers abuse Google advertisements. It is not known whether advertisements on other sites can be abused in a similar way.

    Although many targets will be able to recognize that the injected text is fake, that may not be so clear to people with vision impairments or cognitive decline, or who are simply tired or in a rush. When someone calls the injected telephone number, they are connected to a scammer who presents himself as a representative of the company. The scammer can then trick the caller into handing over personal or payment card details or allowing remote access to their computer. Scammers who claim to be with Bank of America or PayPal try to gain access to the target's financial account and drain it of funds.

    Malwarebytes' browser protection product now warns users of such scams. A broader preventive step is to never click on links in Google advertisements and instead, where possible, to click on links in organic results.