Saturday, June 21, 2025

Address Bar Shows Hp.com, Browser Displays Malicious Text

Microsoft, Apple, Bank of America, and many more sites all targeted.

Posted by LampLighter at 07:32 PM | 3 COMMENTS | permalink

More

"If I showed the [webpage] to my parents, I don't think they would be able to tell that this is fake," Jerome Segura, lead malware intelligence analyst at Malwarebytes, said in an interview. "As the user, if you click on those links, you think, 'Oh I'm actually on the Apple website and Apple is recommending that I call this number.'"

Comments

More from the article ...

... Tech support scammers have devised a method to inject their fake phone numbers into webpages when a target's web browser visits official sites for Apple, PayPal, Netflix, and other companies.

The ruse, outlined in a post on Wednesday from security firm Malwarebytes, threatens to trick users into calling the malicious numbers even when they think they're taking measures to prevent falling for such scams. One of the more common pieces of security advice is to carefully scrutinize the address bar of a browser to ensure it's pointing to an organization's official website. The ongoing scam is able to bypass such checks. ...

Not the Apple page you're looking for

"If I showed the [webpage] to my parents, I don't think they would be able to tell that this is fake," Jrme Segura, lead malware intelligence analyst at Malwarebytes, said in an interview. "As the user, if you click on those links, you think, Oh I'm actually on the Apple website and Apple is recommending that I call this number.'"

The unknown actors behind the scam begin by buying Google ads that appear at the top of search results for Microsoft, Apple, HP, PayPal, Netflix, and other sites. While Google displays only the scheme and host name of the site the ad links to (for instance,

#1 | Posted by LampLighter at 2025-06-20 01:14 AM

Oh, this is not A good Thing.

#2 | Posted by LampLighter at 2025-06-20 01:14 AM

Two responses from the comment section of the article:

Okay, this is way less bad than the headline, or even the article makes it sound. Like obviously bad and it's going to catch some people, but it's framed in the headline and all over the text as the article as though it's inserting text into the actual static elements of the webpage being served, when the screenshots just show it putting the text in the search query bar.

--------------------------------------

But it also then shows up as a header for the search results, which can easily be mistaken for a static element of the site by a user, especially since the user is not expecting to get dumped into a search results page.

#3 | Posted by Idependant97 at 2025-06-21 01:49 PM

Drudge Retort Headlines

Starving Gaza Child Killed by IDF Moments After He Gets Food (134 comments)

Trump Fires Commissioner of Labor Hours After Weak Jobs Report (69 comments)

South Carolina Family Terrorized (44 comments)

White House $200 Million Ballroom Construction to Begin (36 comments)

Everybody Hates Trump Now (27 comments)

Trump Admin Touts Forgiveness in ICE Recruitment Push (24 comments)

Smithsonian Removes Trump from Impeachment Exhibit (23 comments)

US Inflation Warms up in June as Tariffs Boost some Goods Prices (21 comments)

'Color is neither a poison nor a crime' (17 comments)

Trump Reveals Plan to Revoke Birthright Citizenship (16 comments)