Don’t trust mystery digits popping up in your search bar
Scammers are hijacking the search results of people needing 24/7 support from Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal in an attempt to trick victims into handing over personal or financial info, according to Malwarebytes senior director of research Jérôme Segura.
It's a variation of SEO or search poisoning, in which the attackers manipulate the search engine algorithms to promote what is usually a malicious website masquerading as the real deal. In this new scam, the fraudster pays for a sponsored ad on Google and crafts a malicious URL that embeds a fake phone number into the real site's legitimate search functionality.
Because the ad resolves to the authentic Netflix domain, reputation-based browser filters, such as Chrome's Safe Browsing, won't flag it as malicious.
When someone searches "24/7 Netflix support," for example, the digital thieves' ad pops up as one of the top results, and when the unwitting victim clicks on the URL, it takes them to the help page of the brand's website.
The page looks real — because it is — but displays a phone number pre-populated in the search bar on that page. This purports to be the legitimate help-desk phone number, but in reality it's a fake, controlled by the attackers.
As the anti-malware security firm explains:
This is able to happen because Netflix's search functionality blindly reflects whatever users put in the search query parameter without proper sanitization or validation. This creates a reflected input vulnerability that scammers can exploit.
Overview: Check Point researchers have identified a new phishing campaign that exploits Microsoft’s “Dynamics 365 Customer Voice,” a customer relationship
Overview:
Check Point researchers have identified a new phishing campaign that exploits Microsoft’s “Dynamics 365 Customer Voice,” a customer relationship management software product. It’s often used to record customer calls, monitor customer reviews, share surveys and track feedback.
Microsoft 365 is used by over 2 million organizations worldwide. At least 500,000 organizations use Dynamics 365 Customer Voice, including 97% of Fortune 500 companies.
In this campaign, cyber criminals send business files and invoices from compromised accounts, and include fake Dynamics 365 Customer Voice links. The email configuration looks legitimate and easily tricks email recipients into taking the bait.
As part of this campaign, cyber criminals have deployed over 3,370 emails, with content reaching employees of over 350 organizations, the majority of which are American. More than a million different mailboxes were targeted.
Affected entities include well-established community betterment groups, colleges and universities, news outlets, a prominent health information group, and organizations that promote arts and culture, among others.
Bitdefender researchers have uncovered a surge in subscription scams, both in scale and sophistication, spurred by a massive campaign involving hundreds of fraudulent websites.
Ledger has warned that scammers are mailing letters that appear to be from the company to users of its hardware wallets in an attempt to swipe crypto.
Scammers are mailing physical letters to the owners of Ledger crypto hardware wallets asking them to validate their private seed phrases in a bid to access the wallets to clean them out.
In an April 29 X post, tech commentator Jacob Canfield shared a scam letter sent to his home via post that appeared to be from Ledger claiming he needed to immediately perform a “critical security update” on his device.
The letter, which uses Ledger’s logo, business address, and a reference number to feign legitimacy, asks to scan a QR code and enter the wallet’s private recovery phrase under the guise of validating the device.
Google intelligence report finds UK is a particular target of IT worker ploy that sends wages to Kim Jong Un’s state
British companies are being urged to carry out job interviews for IT workers on video or in person to head off the threat of giving jobs to fake North Korean employees.
The warning was made after analysts said that the UK had become a prime target for hoax IT workers deployed by the Democratic People’s Republic of Korea. They are typically hired to work remotely, enabling them to escape detection and send their wages to Kim Jong-un’s state.
Google said in a report this month that a case uncovered last year involved a single North Korean worker deploying at least 12 personae across Europe and the US. The IT worker was seeking jobs within the defence industry and government sectors. Under a new tactic, the bogus IT professionals have been threatening to release sensitive company data after being fired.
The Federal Bureau of Investigation (FBI) warns the public about an ongoing fraud scheme where criminal scammers are impersonating FBI Internet Crime Complaint Center (IC3) employees to deceive and defraud individuals. Between December 2023 and February 2025, the FBI received more than 100 reports of IC3 impersonation scams.
In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google's systems, passing all verifications but pointing to a fraudulent page that collected logins.
An ongoing PayPal email scam exploits the platform's address settings to send fake purchase notifications, tricking users into granting remote access to scammers
The concept is simple, the FBI explains: “Scammers impersonate bank reps to convince victims that hackers have infiltrated their financial account. Victims are urged to move their money fast to protect their assets. In reality, there was never a hacker, and the money that was wired is now fully controlled by the scammer.”
A phishing campaign is using CrowdStrike recruitment branding to deliver malware disguised as a fake application. Learn more.
A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We'll also explore…
Google launches Global Signal Exchange (GSE), an initiative aimed at fostering the sharing of online fraud and scam intelligence.
ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms.
This article explores Netcraft’s research into the use of generative artificial intelligence (GenAI) to create text for fraudulent websites in 2024. Insight ...
“Sorry, Benedetto, but I need to identify you,” the executive said.
Meta has removed 63,000 Instagram accounts from Nigeria that were involved in sextortion scams, including a coordinated network of 2,500 accounts linked to 20 individuals targeting primarily adult men in the United States.
#Computer #Facebook #InfoSec #Instagram #Media #Meta #Scam #Security #Sextortion #Social
Investor beware: online promises of quick profits are not always as legitimate as they look. Swiss public broadcaster, SRF, looked into a Cyprus-based network of scam websites.
The incoming phone call flashes on a victim’s phone. It may only last a few seconds, but can end with the victim handing over codes that give cybercriminals the ability to hijack their online accounts or drain their crypto and digital wallets.
“This is the PayPal security team here. We’ve detected some unusual activity on your account and are calling you as a precautionary measure,” the caller’s robotic voice says. “Please enter the six-digit security code that we’ve sent to your mobile device.”
More than 800,000 people in Europe and the US appear to have been duped into sharing card details and other sensitive personal data with a vast network of fake online designer shops apparently operated from China.
Our researchers found fake sponsored search results that lead consumers to a typical fake Microsoft alert site set up by tech support scammers.
