Saturday, June 21, 2025

Address Bar Shows Hp.com, Browser Displays Malicious Text

Microsoft, Apple, Bank of America, and many more sites all targeted.

Posted by LampLighter at 07:32 PM | 3 COMMENTS | permalink

More

"If I showed the [webpage] to my parents, I don't think they would be able to tell that this is fake," Jerome Segura, lead malware intelligence analyst at Malwarebytes, said in an interview. "As the user, if you click on those links, you think, 'Oh I'm actually on the Apple website and Apple is recommending that I call this number.'"

Comments

More from the article ...

... Tech support scammers have devised a method to inject their fake phone numbers into webpages when a target's web browser visits official sites for Apple, PayPal, Netflix, and other companies.

The ruse, outlined in a post on Wednesday from security firm Malwarebytes, threatens to trick users into calling the malicious numbers even when they think they're taking measures to prevent falling for such scams. One of the more common pieces of security advice is to carefully scrutinize the address bar of a browser to ensure it's pointing to an organization's official website. The ongoing scam is able to bypass such checks. ...

Not the Apple page you're looking for

"If I showed the [webpage] to my parents, I don't think they would be able to tell that this is fake," Jrme Segura, lead malware intelligence analyst at Malwarebytes, said in an interview. "As the user, if you click on those links, you think, Oh I'm actually on the Apple website and Apple is recommending that I call this number.'"

The unknown actors behind the scam begin by buying Google ads that appear at the top of search results for Microsoft, Apple, HP, PayPal, Netflix, and other sites. While Google displays only the scheme and host name of the site the ad links to (for instance,

#1 | Posted by LampLighter at 2025-06-20 01:14 AM

Oh, this is not A good Thing.

#2 | Posted by LampLighter at 2025-06-20 01:14 AM

Two responses from the comment section of the article:

Okay, this is way less bad than the headline, or even the article makes it sound. Like obviously bad and it's going to catch some people, but it's framed in the headline and all over the text as the article as though it's inserting text into the actual static elements of the webpage being served, when the screenshots just show it putting the text in the search query bar.

--------------------------------------

But it also then shows up as a header for the search results, which can easily be mistaken for a static element of the site by a user, especially since the user is not expecting to get dumped into a search results page.

#3 | Posted by Idependant97 at 2025-06-21 01:49 PM

Drudge Retort Headlines

Charlie Kirk Felled by Assassin (658 comments)

The Epstein Letter Is Real, and It's Bad (128 comments)

ICE Obtains Powerful Israeli Spyware Tools (36 comments)

Trump Epstein Letter and Drawing from 'birthday book' Released (29 comments)

Trump Plans Harder Test for US Citizenship (29 comments)

Supreme Court Lifts Restrictions on L.A. Immigration Stops (25 comments)

Confidence in Finding a New Job Falls to Record Low (21 comments)

Russia Hits Ukraine with Largest Air Attack of the War (20 comments)

South Korea says Deal Reached with US for Release of Detained Workers (20 comments)

Q1 Job Growth Revised Down by 911,000 Jobs (15 comments)