In a worrying new tactic, cybercriminals are now exploiting Google Ads to manipulate search results, displaying fraudulent customer service numbers instead of legitimate ones. The scam, discovered by researchers at Malwarebytes, involves a deceptive method that uses real corporate websites to deceive users.

Unlike conventional phishing schemes that direct victims to counterfeit sites, this approach uses sponsored ads that link to authentic company websites. However, the twist lies in the contact details shown—scammers tamper with search result snippets to insert their own phone numbers.

Once a user searches for support and clicks the sponsored link, they land on the genuine site. With the authentic domain visible in the address bar, the setup appears legitimate, leading users to trust the information presented. Victims then unknowingly call the scammer’s number, believing they are speaking with official customer support.

Malwarebytes highlighted that these scams are especially dangerous because of the multiple layers of authenticity. “The illusion is nearly perfect,” their June 18, 2025, report stated.

The real risk comes after users place the call. Believing they are interacting with a verified support team, they may share personal data, payment details, or even grant remote access to their devices. This can lead to severe outcomes such as ransomware attacks, data breaches, and system compromise.

Technically, this method does not rely on common tactics like DNS hijacking or browser-based attacks. Instead, scammers exploit how Google’s ad platform renders structured data during redirects. By manipulating certain parameters in the redirect chain, they manage to alter how contact details are cached and displayed in search results.

This sophisticated trick has been used against high-profile targets like Netflix, banks, and tech support services—sectors where users are quick to seek help and more likely to divulge sensitive information.

Experts warn that the seamless blend of real websites, trusted platforms, and fake contact data represents an evolution in social engineering tactics, one that traditional security training may not yet fully address.

Stay ahead of emerging cybersecurity threats. For the latest insights and updates on cloud security, follow SOC News.

News Source: Cybersecuritynews.com

A botnet of more than 130,000 compromised devices is conducting a large-scale password-spray cyberattack, targeting Microsoft 365 accounts through a basic authentication feature.

The attacks have been recorded in non-interactive sign-in logs, which researchers at SecurityScorecard note are often overlooked by security teams. Threat actors exploit this blind spot by conducting high-volume password-spraying attempts while going virtually undetected.

Non-interactive sign-ins are completed on behalf of the user by a client app or operating system component and do not require the user to provide any authentication. Instead, the user is automatically authenticated using previously established credentials.

Non-interactive logins are widespread in Microsoft 365, driven by service accounts, automated tasks, and API integrations, said Jason Soroko, senior fellow at Sectigo, in an emailed statement to Dark Reading.

They often represent a significant portion of overall authentication events, as background processes routinely access resources without direct user input.

This tactic differs from traditional password-spray attacks, which often trigger account lockouts and prompt investigation by security teams. By exploiting non-interactive sign-ins, threat actors gain more time to infiltrate a system before any alarm is sounded, and typically succeed even against robust security environments.

The researchers have observed this tactic across multiple M365 tenants worldwide.
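The defensive takeaway from this item is that spray attempts against non-interactive sign-ins still leave failed-authentication records; the gap is that nobody is looking at them. The following is an added example (not code from SOC News, Dark Reading or SecurityScorecard) that runs two checks over a constructed batch of sign-in records: it flags a source IP whose failed non-interactive sign-ins hit several distinct accounts inside a time window, and it flags an account that receives failed non-interactive sign-ins from several distinct IPs, which is what a distributed botnet looks like when each node only tries a few times. The field names follow the Microsoft Graph `signIn` resource (`userPrincipalName`, `ipAddress`, `isInteractive`, `clientAppUsed`, `status.errorCode`, `createdDateTime`), error code 50126 is the usual "invalid username or password" failure, and the thresholds and sample records are assumptions to be tuned per tenant.

```python
"""Spot password-spray activity hidden in non-interactive sign-in records.

Added example; the records below are constructed and the thresholds are
assumptions, not values from the article or from SecurityScorecard.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one IP sprays three accounts, two other IPs each try one
# or two accounts, an interactive burst from a fourth IP (excluded by design),
# and one successful background sign-in (errorCode 0, excluded).
SAMPLE_SIGNINS = [
    {"createdDateTime": "2025-02-20T03:00:05Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.10", "isInteractive": False,
     "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 50126}},
    {"createdDateTime": "2025-02-20T03:04:11Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "203.0.113.10", "isInteractive": False,
     "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 50126}},
    {"createdDateTime": "2025-02-20T03:09:40Z", "userPrincipalName": "carol@example.com",
     "ipAddress": "203.0.113.10", "isInteractive": False,
     "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 50126}},
    {"createdDateTime": "2025-02-20T03:01:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.11", "isInteractive": False,
     "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 50126}},
    {"createdDateTime": "2025-02-20T03:07:00Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "203.0.113.11", "isInteractive": False,
     "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 50126}},
    {"createdDateTime": "2025-02-20T03:02:30Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.12", "isInteractive": False,
     "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 50126}},
    {"createdDateTime": "2025-02-20T03:05:00Z", "userPrincipalName": "dave@example.com",
     "ipAddress": "198.51.100.5", "isInteractive": True,
     "clientAppUsed": "Browser", "status": {"errorCode": 50126}},
    {"createdDateTime": "2025-02-20T03:05:30Z", "userPrincipalName": "eve@example.com",
     "ipAddress": "198.51.100.5", "isInteractive": True,
     "clientAppUsed": "Browser", "status": {"errorCode": 50126}},
    {"createdDateTime": "2025-02-20T03:06:00Z", "userPrincipalName": "frank@example.com",
     "ipAddress": "198.51.100.5", "isInteractive": True,
     "clientAppUsed": "Browser", "status": {"errorCode": 50126}},
    {"createdDateTime": "2025-02-20T03:10:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "192.0.2.7", "isInteractive": False,
     "clientAppUsed": "Mobile Apps and Desktop clients", "status": {"errorCode": 0}},
]


def parse_time(stamp):
    """Parse the UTC timestamp format used in the sample records."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def failed_noninteractive(records):
    """Yield only failed sign-ins that were not performed by a person at a prompt."""
    for rec in records:
        if rec.get("isInteractive"):
            continue  # interactive failures are covered by the usual lockout alerts
        if rec.get("status", {}).get("errorCode", 0) == 0:
            continue  # a success, not a failed attempt
        yield rec


def spray_sources(records, window=timedelta(hours=1), min_users=3):
    """Return {ip: sorted targeted users} for IPs whose failed non-interactive
    sign-ins touched at least `min_users` distinct accounts inside `window`."""
    by_ip = defaultdict(list)
    for rec in failed_noninteractive(records):
        by_ip[rec["ipAddress"]].append((parse_time(rec["createdDateTime"]),
                                        rec["userPrincipalName"]))
    hits = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):          # sliding window over sorted events
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({u for _, u in events[start:end + 1]}) >= min_users:
                hits[ip] = sorted({u for _, u in events})
                break
    return hits


def sprayed_accounts(records, min_ips=3):
    """Return {user: sorted source IPs} for accounts hit by failed non-interactive
    sign-ins from at least `min_ips` distinct IPs, the distributed-botnet pattern."""
    ips_per_user = defaultdict(set)
    for rec in failed_noninteractive(records):
        ips_per_user[rec["userPrincipalName"]].add(rec["ipAddress"])
    return {u: sorted(ips) for u, ips in ips_per_user.items() if len(ips) >= min_ips}


if __name__ == "__main__":
    for ip, users in spray_sources(SAMPLE_SIGNINS).items():
        print(f"spray source {ip}: {', '.join(users)}")
    for user, ips in sprayed_accounts(SAMPLE_SIGNINS).items():
        print(f"sprayed account {user}: {', '.join(ips)}")
```

The per-IP check catches a single noisy node; the per-account check is the one that matters for a botnet of this size, since each of 130,000 devices can stay under any per-IP threshold while the target account still accumulates failures from many sources. Both checks deliberately ignore interactive sign-ins, so they complement rather than duplicate lockout-based alerting.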

Stay updated with SOC News for cutting-edge security innovations and expert industry insights!

Source: https://www.darkreading.com/cyberattacks-data-breaches/microsoft-365-accounts-sprayed-mega-botnet