Multiple sites hijacked for bogus support number injections

Hackread reports that high-profile organizations, including Microsoft, Apple, Facebook, Bank of America, and PayPal, had their websites compromised to include fraudulent customer support numbers as part of a widespread search parameter injection scam.

Intrusions involved the use of Google Ads to redirect targets to the companies' legitimate websites, which were compromised with a malicious web address facilitating the integration of bogus phone numbers in their search functionality, according to a report from Malwarebytes. Attackers behind the phone numbers then aim to obtain personal and credit card details, remote device access, and bank account funds, said Malwarebytes researchers, who touted the efficacy of the firm's Browser Guard tool in identifying such malicious activity. With the threat not being as easily detectable in other sites, individuals should be vigilant of phone numbers in web address bars, atypical characters with phone numbers in URLs, and other suspicious language. All support numbers should also be verified using a trusted source before making a phone call, researchers advised.