Netflix, Apple, BofA websites hijacked with fake help-desk numbers

Scammers are hijacking the search results of people needing 24/7 support from Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal in an attempt to trick victims into handing over personal or financial info, according to Malwarebytes senior director of research Jérôme Segura.

It's a variation of SEO or search poisoning, in which the attackers manipulate the search engine algorithms to promote what is usually a malicious website masquerading as the real deal. In this new scam, the fraudster pays for a sponsored ad on Google and crafts a malicious URL that embeds a fake phone number into the real site's legitimate search functionality.

Because the ad resolves to the authentic Netflix domain, reputation-based browser filters, such as Chrome's Safe Browsing, won't flag it as malicious.

When someone searches "24/7 Netflix support," for example, the digital thieves' ad pops up as one of ...