Scammers are leveraging Google ads by appending malicious parameters to official domains, misleading users into believing they are visiting legitimate websites such as Apple's or Microsoft's. The link leads to a deceptive webpage that presents fake customer-support phone numbers, which can trick users into calling them. Jérôme Segura from Malwarebytes highlights the sophistication of the scam, which makes the page indistinguishable from the real site. Although Google's ad policies require the display of official domains, the loophole in parameter handling has allowed this fraud to proliferate.
"If I showed the [webpage] to my parents, I don't think they would be able to tell that this is fake," said Jérôme Segura.
Google requires ads to display the official domain they link to, but the company allows parameters to be appended that are not visible in the ad, and this is what the scammers exploit.
The appended parameters inject fake phone numbers into the page, misleading users into thinking they are on a legitimate site.
Malwarebytes.com was among the sites affected until it began filtering out the malicious parameters that were being exploited.
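The defensive measure described above, a site dropping query parameters it does not recognise so that their values can never be reflected into page content, is illustrated here as an added example. This is not code from Malwarebytes or from the article; the allow-list, the sample URL and the 555 phone number are constructed for the example, and the phone-number heuristic is one possible detection rule rather than a published one.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed allow-list: the only query parameters this site actually uses.
# Anything else is dropped before the page is rendered, so an appended
# parameter cannot put attacker-chosen text (such as a phone number) on the page.
ALLOWED_PARAMS = {"q", "lang", "page"}

# Heuristic (assumption, not a standard rule): a value containing seven or more
# digits with optional separators looks like a phone number and is worth logging.
PHONE_RE = re.compile(r"\+?\d[\d\-\s().]{6,}\d")


def filter_query(url, allowed=ALLOWED_PARAMS):
    """Return (clean_url, dropped).

    clean_url keeps only allow-listed parameters; dropped lists the
    (name, value) pairs that were removed and would otherwise have been
    available to page templates.
    """
    parts = urlsplit(url)
    kept, dropped = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        (kept if name in allowed else dropped).append((name, value))
    clean = urlunsplit(
        (parts.scheme, parts.netloc, parts.path, urlencode(kept), parts.fragment)
    )
    return clean, dropped


def looks_like_phone_injection(url):
    """True if any query parameter value matches the phone-number heuristic.

    Useful as a log/alert signal: legitimate search or locale parameters
    rarely carry a phone number.
    """
    parts = urlsplit(url)
    return any(
        PHONE_RE.search(value)
        for _, value in parse_qsl(parts.query, keep_blank_values=True)
    )


if __name__ == "__main__":
    # Constructed sample: a legitimate "q" parameter plus an unexpected
    # "contact" parameter carrying a fictional 555 number.
    sample = (
        "https://example.com/support"
        "?q=help&contact=call%20%2B1%20800%20555%200100%20now#top"
    )
    clean, dropped = filter_query(sample)
    print("clean url :", clean)
    print("dropped   :", dropped)
    print("suspicious:", looks_like_phone_injection(sample))
```

Filtering on the server (or in the template layer) is the part that actually closes the loophole; the heuristic only raises a flag for review, since legitimate parameters can occasionally contain long digit strings.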