A new scam is targeting people looking for help from big companies. According to Malwarebytes, scammers are hijacking search results on companies like Netflix, Apple, Bank of America, Facebook, HP, Microsoft, and PayPal to make users believe they are calling real customer support when, in fact, they are talking to scammers.

Scammers Hijack Netflix, Microsoft and Apple Support Pages with Fake Phone Numbers

This trick is a form of “search poisoning.” That means hackers are using search engine ads and fake websites to fool people. They pay for sponsored ads on platforms like Google. These ads lead users to official websites, but with a dangerous twist.

How the Scam Works

Let’s say someone searches “Netflix 24/7 support.” A scam ad may appear at the top of the search results. If the person clicks on it, it will open the real Netflix website, but the search bar on the page will already show a fake support phone number. This number is not from Netflix. It’s from scammers.

The page looks real because it is real. But the attackers use a weakness in the site’s search feature. Netflix’s search bar reflects whatever is typed in the URL, and it doesn’t check if it’s safe or not. This lets scammers sneak in their phone number.

If someone calls the number, they might be asked for sensitive information. Scammers could ask for bank details, login credentials, or even remote access to your computer. Once inside, they can steal passwords, files, or empty bank accounts.

Why It’s Dangerous

What makes this scam hard to detect is that it uses real websites. The malicious number shows up on pages that are otherwise completely legit. Because of this, browser tools like Google Chrome’s Safe Browsing don’t catch it. There’s no warning.

People who don’t notice the strange phone number may just call it and believe they are speaking to official help staff. That’s when the scam begins.

How to Stay Safe

Malwarebytes, the security company that discovered the scam, says users should be extra careful. They suggest looking closely at URLs. If you see strange words like “call now,” “emergency help,” or phone numbers in the web address, that’s a red flag.

Watch out for codes like %20 (space) or %2B (+ sign) In URLs, these might be signs of an attack. Real companies don’t put phone numbers directly in the URL or in the search bar like that.

Most importantly, real customer support teams will not ask for your password, bank info, or remote access to your device. If someone does, hang up right away.

Our Thoughts

This is a smart and dangerous trick by scammers who know how to use search engines and website flaws. Always be careful before calling any number you find online. If you’re unsure, go directly to the official company website and look for their contact page.

Stay alert and don’t trust everything you see in your search results — even if the page looks real. It’s better to double-check than to become a victim.