38.4k unique visitors in the last 3 days

How Scammers Insert Phone Numbers into the URLs of Genuine Websites

A simple trick has inserted bogus support numbers into URLs that people will see in their web browsers when visiting the real websites of Netflix, Microsoft and Apple.

Malwarebytes Labs, suppliers of antivirus software, have warned of a simple way that scammers try to trick unwary visitors of genuine websites into calling fake support lines for those businesses. The method works as follows:

  • The scammer places a sponsored advert with a search engine like Google. One reason the advert is not identified as deceptive is that it points to the actual website of the business that the scammers want to impersonate.
  • The URL of the website is correct, although a bogus phone number has been appended to the URL.
  • The URL, including the bogus number, is visible in the browser of anyone who clicked through from the advert. Having searched for a contact number for a genuine business, there is a risk that the visitor will read and dial the number from the URL without properly reading the contents of the actual webpage.

Malwarebytes Labs claims to have seen this deception used to promulgate scam helpline numbers for a series of well-known businesses. They listed the following examples:

  • Apple
  • Bank of America
  • Facebook
  • HP
  • Microsoft
  • Netflix
  • PayPal

The deception is called a search parameter injection. It is pretty common for websites to provide search functions that generate webpages whose URLs end with a series of characters like:

  • “/search?keyword=search-term-here”, or
  • “/search?q=search-term-here”.

The search term can hence be abused by including a series of digits, such as a phone number. So instead of only seeing the URL for a business like Netflix, the visitor to Netflix’s website from the fraudulent web advert sees Netflix’s URL followed by a series of characters like “Call-205-123-456”.

To make matters worse, the same series of characters may also be reproduced inside the search field of the business’ actual search page. So a visitor to the website could see “For-support-call-205-123-456” in the space where they would normally type their own search query. That trick will not fool everybody but it is easy to see how an unwary or naive visitor might simply dial the number without thinking about how it has been presented on the webpage.

The trick works because the search functionality of websites will typically not be designed to weed out suspicious queries. The search query passed from the bogus advert is reproduced in full. Whether this will fool a visitor partly depends on the design of the business’ search page. It is the opinion of Malwarebytes Labs that Apple’s website is especially unsuited to identifying this deception.

Interestingly, Apple is the one where we found the scammer’s number was the hardest to identify as false.

[It] looks as if the web page tells the visitor they have no matches for their search, so they’d better call the number on display. That would drive them straight in the arms of scammers.

Malwarebytes Lab’s warning about this trick can be found here.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email