In a worrying new tactic, cybercriminals are exploiting Google Ads to manipulate search results so that fraudulent customer service numbers appear in place of legitimate ones. The scam, discovered by researchers at Malwarebytes, relies on real corporate websites to deceive users.
Unlike conventional phishing schemes that direct victims to counterfeit sites, this approach uses sponsored ads that link to authentic company websites. However, the twist lies in the contact details shown—scammers tamper with search result snippets to insert their own phone numbers.
Once a user searches for support and clicks the sponsored link, they land on the genuine site. With the authentic domain visible in the address bar, the setup appears legitimate, leading users to trust the information presented. Victims then unknowingly call the scammer’s number, believing they are speaking with official customer support.
Malwarebytes highlighted that these scams are especially dangerous because of the multiple layers of authenticity. “The illusion is nearly perfect,” their June 18, 2025, report stated.
The real risk comes after users place the call. Believing they are interacting with a verified support team, they may share personal data, payment details, or even grant remote access to their devices. This can lead to severe outcomes such as ransomware attacks, data breaches, and system compromise.
Technically, this method does not rely on common tactics like DNS hijacking or browser-based attacks. Instead, scammers exploit how Google’s ad platform renders structured data during redirects. By manipulating certain parameters in the redirect chain, they manage to alter how contact details are cached and displayed in search results.
This sophisticated trick has been used against high-profile targets like Netflix, banks, and tech support services—sectors where users are quick to seek help and more likely to divulge sensitive information.
Experts warn that the seamless blend of real websites, trusted platforms, and fake contact data represents an evolution in social engineering tactics, one that traditional security training may not yet fully address.
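For defenders reviewing ad landing URLs or web-proxy logs for their own domains, the sketch below flags query parameters whose decoded value contains a phone-like string, unwrapping nested redirect URLs and repeated percent-encoding along the way. It is an added example, not code from Malwarebytes or Google. It assumes the injected number travels in a URL query parameter, since the report summary above says only "parameters in the redirect chain". The function names, the phone pattern and the sample URLs are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Loose North-American phone pattern (assumption; adapt to your region).
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[\s.\-]*)?\(?\d{3}\)?[\s.\-]*\d{3}[\s.\-]*\d{4}(?!\d)")
URL_RE = re.compile(r"https?://", re.I)
MAX_DEPTH = 3  # nested redirect URLs to unwrap before giving up


def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded digits become visible."""
    for _ in range(rounds):
        value = unquote_plus(value)
    return value


def find_phone_params(url, depth=0):
    """Return (host, parameter, number) for each phone-like query value."""
    hits = []
    parts = urlsplit(url)
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = decode_fully(raw)
        nested = raw if URL_RE.match(raw) else value
        if URL_RE.match(nested):  # a tracker carrying the landing URL
            if depth < MAX_DEPTH:
                hits.extend(find_phone_params(nested, depth + 1))
            continue
        if value.isdigit():  # bare numeric IDs and timestamps are not contact text
            continue
        match = PHONE_RE.search(value)
        if match:
            hits.append((parts.hostname, name, match.group(0)))
    return hits


# Constructed sample URLs (example domains, fictional 555 numbers).
SAMPLE_URLS = [
    "https://help.example.com/search?q=reset+password",
    "https://help.example.com/article?id=1718700000",
    "https://help.example.com/search?q=Call%25201-800-555-0100",
    "https://ads.example.net/click?id=42&dest=https%3A%2F%2Fhelp.example.com"
    "%2Fsearch%3Fq%3DHelp%2520desk%2520%2528800%2529%2520555-0199",
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        print(find_phone_params(sample), sample)
```

A hit is a lead for review rather than a verdict: legitimate searches for a phone number will also match, so compare flagged numbers against the organization's published contact list.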
News Source: Cybersecuritynews.com