Malvertising attackers add fake numbers to real sites
Briefly

Attackers are using malicious ads to mislead users into contacting fake tech-support numbers. The scam involves buying Google ads that send users to legitimate sites, where false phone numbers are displayed alongside terms like 'emergency support.' Victims are then manipulated into providing money or remote access to their computers. A recent report indicates a notable rise in such scams, reflecting a targeted approach that effectively capitalizes on users' urgent tech needs.
The attack itself is technically not very sophisticated. You just have to test for which sites it works, for which ones it doesn't, and then you buy Google ads for those that do. But the social engineering behind it is very clever, according to Malwarebytes Senior Intelligence Reporter Pieter Arntz.
A threat actor buys a sponsored Google ad that links to a legitimate host. The sponsored ad redirects to a search result containing a false phone number and a phrase like 'emergency support.' The scammer poses as the brand and tries to get the victim to send money or provide remote access to a computer.
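A site-side check for the pattern described above, as an added example rather than code from Malwarebytes or IT Brew: it flags inbound URLs whose query parameters carry both a phone number and a support-style phrase. That the number arrives in a query parameter, the phrase list beyond 'emergency support', the function names and the sample URLs are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Only 'emergency support' is named on the page; the other phrases are assumed.
LURE_PHRASES = ("emergency support", "tech support", "customer support", "helpline")

# A run that starts and ends on a digit and may contain common separators.
PHONE_RUN = re.compile(r"\+?\d[\d\s().\-]{8,20}\d")


def find_phone(text):
    """Return the digits of the first phone-like run (10 to 15 digits), else None."""
    for match in PHONE_RUN.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if 10 <= len(digits) <= 15:
            return digits
    return None


def inspect_landing_url(url):
    """Flag a URL when one query parameter holds a phone number and a lure phrase."""
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # parse_qsl has already percent-decoded the value; collapse whitespace.
        text = " ".join(value.lower().split())
        phone = find_phone(text)
        if phone is None:
            continue
        phrase = next((p for p in LURE_PHRASES if p in text), None)
        if phrase:
            return {"param": name, "phone": phone, "phrase": phrase}
    return None


# Constructed sample URLs (example.com host, 555 numbers); not taken from any report.
SAMPLES = [
    "https://support.example.com/search?q=Emergency%20Support%20%2B1-800-555-0100",
    "https://support.example.com/search?lang=en&q=call%20(800)%20555-0199%20helpline",
    "https://support.example.com/search?q=reset+password",
    "https://support.example.com/search?q=store%20800%20555%200100",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_landing_url(sample), sample)
```

A site owner could run a check like this on search and help-page requests and either refuse to echo the query into the page or log the hit for review.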
Ad-security company GeoEdge, in its 2024 Ad Quality report, found a 10% year-over-year increase in malicious advertising, with tech-support scams rising from 2% of attack vectors in 2023 to 4% in 2024.
The attack revealed by Malwarebytes is 'quite devious,' according to Roger A. Grimes, because adversaries throw a tech-support number in your field of vision, capitalizing on the urgency people feel when needing help.
Read at IT Brew