www.malwarebytes.com
Open in
urlscan Pro
192.0.66.233
Public Scan
Submitted URL: https://4cubhzuab.cc.rs6.net/tn.jsp?f=001fCzA2pQU6T4hLOXCJwnHaRLBRxlSkdA5Tecwo951sbdBxcghzHJIc9Dunq1TWrEFFdGszzlyxYsXRywUp50G...
Effective URL: https://www.malwarebytes.com/blog/news/2024/05/watch-out-for-tech-support-scams-lurking-in-sponsored-search-results?web_view=...
Submission: On May 08 via api from OM — Scanned from DE
Effective URL: https://www.malwarebytes.com/blog/news/2024/05/watch-out-for-tech-support-scams-lurking-in-sponsored-search-results?web_view=...
Submission: On May 08 via api from OM — Scanned from DE
Form analysis 5 forms found in the DOM
GET https://www.malwarebytes.com/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/">
<label>
<span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Type to search..." value="" name="s">
</label>
<input type="submit" class="search-submit" value="Search">
</form>GET https://www.malwarebytes.com/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/">
<label>
<span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Type to search..." value="" name="s">
</label>
<input type="submit" class="search-submit" value="Search">
</form>GET https://www.malwarebytes.com/blog/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/blog/">
<div class="labs-sub-nav__searchbar-wrap">
<input class="labs-sub-nav__search-input" type="text" name="s" placeholder="Search Labs">
<button class="labs-sub-nav__search-button" id="cta-labs-rightrail-search-submit-en" aria-label="Search in Malwarebytes">
<svg xmlns="http://www.w3.org/2000/svg" width="35px" height="35px" viewBox="0 0 24 24" fill="none">
<g clip-path="url(#clip0_15_152)">
<rect width="24" height="24" fill="none"></rect>
<circle cx="10.5" cy="10.5" r="6.5" stroke="#0d3ecc" stroke-linejoin="round"></circle>
<path d="M19.6464 20.3536C19.8417 20.5488 20.1583 20.5488 20.3536 20.3536C20.5488 20.1583 20.5488 19.8417 20.3536 19.6464L19.6464 20.3536ZM20.3536 19.6464L15.3536 14.6464L14.6464 15.3536L19.6464 20.3536L20.3536 19.6464Z" fill="#0d3ecc">
</path>
</g>
<defs>
<clipPath id="clip0_15_152">
<rect width="24" height="24" fill="#0d3ecc"></rect>
</clipPath>
</defs>
</svg>
</button>
</div>
</form>GET https://www.malwarebytes.com/digital-footprint-app
<form style="margin-bottom: 32px; border-radius: 1em; padding: 24px 16px; background-color: #18181a; background-image: radial-gradient(#525252 1.5px,transparent 0); background-size: 20px 20px;" id="form" method="GET"
action="https://www.malwarebytes.com/digital-footprint-app" target="_blank" __bizdiag="96619420" __biza="WJ__" vwo-element-id="1713202132545" vwo-op-1713202348479="">
<h2 style="margin: 0 8px 0 8px; color: #fff; font-family: Poppins,sans-serif; font-size: 24px; margin-bottom: 24px" class="vwo_1712655349804 vwo_1712757835977" dir="ltr"> <img class="mb-logo"
src="https://www.malwarebytes.com/wp-content/themes/malwarebytes/assets/src/digital-footprint/dist/assets/mb-logo.svg" alt="malwarebytes logo" style="height: 18px"> <br>Digital Footprint Portal </h2>
<p style="color: #fff; margin-left: 8px; margin-right: 8px" class="vwo_1712654910657 vwo_1712655348228 vwo_1712655373236">Enter your email to see if your personal data has been exposed. </p>
<div style="display: flex; justify-content: flex-end; flex-wrap: wrap;" class="vwo_1712617537229">
<div style="margin: 0 8px 16px 8px; flex-grow: 1; display: flex; padding: 24px 20px; align-items: center; gap: 12px; border-radius: 28px; border: 1px solid #fff; box-shadow: 0 1px 2px #0d10170f; height: 20px; background-color: #18181a;"
class="vwo_1712616680831 vwo_1712616818681 vwo_1712655073123"> <img
src="data:image/svg+xml,%3csvg%20width='20'%20height='20'%20viewBox='0%200%2020%2020'%20fill='none'%20xmlns='http://www.w3.org/2000/svg'%3e%3cpath%20d='M2.7978%203.49805H17.1978C18.1878%203.49805%2018.9978%204.25945%2018.9978%205.19004V15.342C18.9978%2016.2726%2018.1878%2017.034%2017.1978%2017.034H2.7978C1.8078%2017.034%200.997803%2016.2726%200.997803%2015.342V5.19004C0.997803%204.25945%201.8078%203.49805%202.7978%203.49805Z'%20stroke='white'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M18.9978%205.18848L9.99779%2011.1105L0.997803%205.18848'%20stroke='white'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3c/svg%3e"
alt="email icon"> <input style="margin: 0; width: 100%; background-color: #18181a; border: none; outline: none; color: #fff; font-size: 20px; font-style: normal; font-weight: 300; line-height: 24px;" type="email" name="email"
autocomplete="off" placeholder="name@email.com" class="vwo_1712616897633 vwo_1712660000524"> </div> <input type="submit" value="Scan"
style="margin: 0 8px 0 8px; background: #0d3ecc; color: #fff; border: none; height: 50px; border-radius: 100px; padding: 14px 40px" class="vwo_1712660005400">
</div>
</form>https://www.malwarebytes.com/newsletter/
<form action="https://www.malwarebytes.com/newsletter/" class="newsletter-form">
<div class="newsletter-form__inline">
<label>Email Address</label>
<input type="email" name="email" id="cta-footer-newsletter-input-email-en" placeholder="Email Address" required="" class="newsletter-form__email">
<input type="hidden" class="newsletter-form__pageurl" value="https://www.malwarebytes.com/blog/news/2024/05/watch-out-for-tech-support-scams-lurking-in-sponsored-search-results">
<input name="source" type="hidden" value="">
<input type="submit" value="Sign Up" class="newsletter-form__btn" id="cta-footer-newsletter-subscribe-email-en">
</div>
<div class="newsletter-form__validate hidden">
<span></span>
</div>
</form>Text Content
Skip to content
Search
Search Malwarebytes.com
Search for:
* Contact Us
* Personal Support
* Business Support
* Get a Quote
* Contact Press
* Submit Vulnerability
* Company
* About Malwarebytes
* Careers
* News & Press
* Sign In
* MyAccount sign in: manage your personal or Teams subscription >
* Cloud Console sign in: manage your cloud business products >
* Partner Portal sign in: management for Resellers and MSPs >
* Personal
< Personal
Products
* Malwarebytes Premium Security >
* Malwarebytes Privacy VPN >
* Malwarebytes Identity Theft Protection >
* Malwarebytes Browser Guard >
* Malwarebytes for Teams/small offices >
* AdwCleaner for Windows >
--------------------------------------------------------------------------------
Find the right product
See our plans
Infected already?
Clean your device now
Solutions
* Free antivirus >
* Free virus scan & removal >
* Windows antivirus >
* Mac antivirus >
* Android antivirus >
* iOS security >
* Chromebook antivirus >
* Digital Footprint Scan >
See personal pricing
Manage your subscription
Visit our support page
* Business
< Business
BUNDLES
* ThreatDown Bundles
* Protect your endpoints with powerfully simple and cost-effective bundles
* Education Bundles
* Secure your students and institution against cyberattacks
TECHNOLOGY HIGHLIGHTS
* Managed Detection & Response (MDR)
* Deploy fully-managed threat monitoring, investigation, and remediation
* Endpoint Detection & Response (EDR)
* Prevent more attacks with security that catches what others miss
* Explore our portfolio >
Visualize and optimize your security posture in just minutes.
Learn more about Security Advisor (available in every bundle). >
* Pricing
< Pricing
Personal pricing
Protect your personal devices and data
Small office/home office pricing
Protect your team’s devices and data
Business pricing (5+ employees)
Step up your corporate endpoint security. Save up to 45%
* Partners
< Partners
Explore Partnerships
Partner Solutions
* Resellers
* Managed Service Providers
* Computer Repair
* Technology Partners
* Affiliate Partners
Contact Us
* Resources
< Resources
Learn About Cybersecurity
* Antivirus
* Malware
* Ransomware
Malwarebytes Labs – Blog
* Glossary
* Threat Center
Business Resources
* Reviews
* Analyst Reports
* Case Studies
Press & News
Reports
The State of Malware 2023 Report
Read report
* Support
< Support
Technical Support
* Personal Support
* Business Support
* Premium Services
* Forums
* Vulnerability Disclosure
* Report a False Positive
Featured Content
* Activate Malwarebytes Privacy on Windows device.
See Content
Product Videos
Free Download
* Contact Us
* < Contact Us
* Personal Support
* Business Support
* Get a Quote
* Contact Press
* Submit Vulnerability
* Company
* < Company
* About Malwarebytes
* Careers
* News & Press
* Sign In
* < Sign In
* MyAccount sign in: manage your personal or Teams subscription >
* Cloud Console sign in: manage your cloud business products >
* Partner Portal sign in: management for Resellers and MSPs >
Search Search
Search Malwarebytes.com
Search for:
SUBSCRIBE rss
News | Scams
WATCH OUT FOR TECH SUPPORT SCAMS LURKING IN SPONSORED SEARCH RESULTS
Posted: May 2, 2024 by Pieter Arntz
DIGITAL FOOTPRINT PORTAL
Enter your email to see if your personal data has been exposed.
This blog post was written based on research carried out by Jérôme Segura.
A campaign using sponsored search results is targeting home users and taking
them to tech support scams.
Sponsored search results are the ones that are listed at the top of search
results and are labelled “Sponsored”. They’re often ads that are taken out by
brands who want to get people to click through to their website. In the case of
malicious sponsored ads, scammers tend to outbid the brands in order to be
listed as the first search result.
The criminals that buy the ads will go as far as displaying the official brand’s
website within the ad snippet, making it hard for an unsuspecting visitor to
notice a difference.
Who would, for example, be able to spot that the below ad for CNN is not
legitimate. You’ll have to click on the three dots (in front of where we added
malicious ad) and look at the advertiser information to see that it’s not the
legitimate owner of the brand.
Only then it becomes apparent that the real advertiser is not CNN, but instead a
company called Yojoy Network Technology Co., Limited.
Below, you can see another fake advertisement by the same advertiser, this time
impersonating Amazon.
In our example, the scammers failed to use the correct CNN or Amazon icons, but
in other cases (like another recent discovery by Jerome Segura), scammers have
even used the correct icon.
The systems of the people that click one of these links are likely to assessed
on what the most profitable follow-up is (using a method called fingerprinting).
For systems running Windows, we found visitors are redirected to tech support
scam websites such as this one.
Tech Support Scam site telling the visitor to call 1-844-476-5780
You undoubtedly know the type. Endless pop-ups, soundbites, and prompts telling
the visitor that they should urgently call the displayed number to free their
system of alleged malware.
These tech support scammers will impersonate legitimate software companies (i.e.
Microsoft) and charge their victims hundreds or even thousands of dollars for
completely bogus malware removal.
GETTING HELP IF YOU HAVE BEEN SCAMMED
Getting scammed is one of the worst feelings to experience. In many ways, you
may feel like you have been violated and angry to have let your guard down.
Perhaps you are even shocked and scared, and don’t really know what to do now.
The following tips will hopefully provide you with some guidance.
If you’ve already let the scammers in
* Revoke any remote access the scammer has (if you are unsure, restart your
computer). That should cut the remote session and kick them out of your
computer.
* Scan your computer for malware. The miscreants may have installed password
stealers or other Trojans to capture your keystrokes. Use a program such
as Malwarebytes to quickly identify and remove threats.
* Change all your passwords. (Windows password, email, banking, etc.)
If you’ve already paid
* Contact your financial institution/credit card company to reverse the charges
and keep an eye out for future unwanted charges.
* If you gave them personal information such as date of birth, Social Security
Number, full address, name, and maiden name, you may want to look at some
form of identity theft protection.
--------------------------------------------------------------------------------
REPORTING THE SCAM
File a report
* In the US: File a complaint (FTC)
* In Canada: Contact law enforcement
* In the UK: Report fraud | Report a cold call
* In Australia: Report a scam
Shut down their remote software account
* Write down the TeamViewer ID (9-digit code) and send it to TeamViewer’s
support. They can later use the information you provide to block
people/companies.
* LogMeIn: Report abuse
Spread the word
You can raise awareness by letting your friends, family, and other acquaintances
know what happened to you. Although sharing your experience of falling victim to
these scams may be embarrassing, educating other people will help someone caught
in a similar situation and deter further scam attempts.
--------------------------------------------------------------------------------
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your
family’s—personal information by using identity protection
SHARE THIS ARTICLE
RELATED ARTICLES
Podcast
TRACING WHAT WENT WRONG IN 2012 FOR TODAY’S TEENS, WITH DR. JEAN TWENGE: LOCK
AND CODE S04E10
May 6, 2024 - This week on the Lock and Code podcast, we speak with Dr. Jean
Twenge about smartphones, social media, and a teen mental health crisis.
CONTINUE READING 0 Comments
News | Privacy
DROPBOX SIGN CUSTOMER DATA ACCESSED IN BREACH
May 2, 2024 - After a breach in the Dropbox Sign environment, customer
information may have been stolen and API users have restricted functionality
CONTINUE READING 0 Comments
News
MALWAREBYTES PREMIUM SECURITY EARNS “PRODUCT OF THE YEAR” FROM AVLAB
April 30, 2024 - Malwarebytes Premium earned "Product of the Year" from AVLab
for repeatedly blocking 100% of malware samples used in third-party testing.
CONTINUE READING 4 Comments
News | Personal | Privacy
KAISER HEALTH INSURANCE LEAKED PATIENT DATA TO ADVERTISERS
April 29, 2024 - Health insurance giant Kaiser has announced it will notify
millions of patients that it shared their data with advertisers.
CONTINUE READING 0 Comments
News | Personal
TIKTOK COMES ONE STEP CLOSER TO A US BAN
April 24, 2024 - The US Senate has approved a bill that will ban TikTok, unless
it finds a new owner, bringing it one step closer to being signed into law.
CONTINUE READING 2 Comments
ABOUT THE AUTHOR
Pieter Arntz
Malware Intelligence Researcher
Was a Microsoft MVP in consumer security for 12 years running. Can speak four
languages. Smells of rich mahogany and leather-bound books.
Contributors
Threat Center
Podcast
Glossary
Scams
Cyberprotection for every one.
FOR PERSONAL
* Windows Antivirus
* Mac Antivirus
* Android Antivirus
* Free Antivirus
* VPN App (All Devices)
* Malwarebytes for iOS
* SEE ALL
COMPANY
* About Us
* Contact Us
* Careers
* News and Press
* Blog
* Scholarship
* Forums
FOR BUSINESS
* Small Businesses
* Mid-size business
* Larger Enterprise
* Endpoint Protection
* Endpoint Detection & Response (EDR)
* Managed Detection & Response (MDR)
FOR PARTNERS
* Managed Service Provider (MSP) Program
* Resellers
MY ACCOUNT
Sign In
SOLUTIONS
* Digital Footprint Scan
* Rootkit Scanner
* Trojan Scanner
* Virus Scanner
* Spyware Scanner
* Password Generator
* Anti Ransomware Protection
ADDRESS
One Albert Quay
2nd Floor
Cork T12 X8N6
Ireland
3979 Freedom Circle
12th Floor
Santa Clara, CA 95054
LEARN
* Malware
* Hacking
* Phishing
* Ransomware
* Computer Virus
* Antivirus
* What is VPN?
* Twitter
* Facebook
* LinkedIn
* Youtube
* Instagram
CYBERSECURITY INFO YOU CAN’T LIVE WITHOUT
Want to stay informed on the latest news in cybersecurity? Sign up for our
newsletter and learn how to protect your computer from threats.
Email Address
English
* Legal
* Privacy
* Accessibility
* Compliance Certificates
* Vulnerability Disclosure
* Terms of Service
© 2024 All Rights Reserved
Select your language
* English
* Deutsch
* Español
* Français
* Italiano
* Português (Portugal)
* Português (Brasil)
* Nederlands
* Polski
* Pусский
* 日本語
* Svenska
This site uses cookies in order to enhance site navigation, analyze site usage
and marketing efforts. Please see our privacy policy for more information.
Privacy Policy
Cookies Settings Decline All Accept All Cookies
PRIVACY PREFERENCE CENTER
When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.
Privacy Policy
Allow All
MANAGE CONSENT PREFERENCES
STRICTLY NECESSARY
Always Active
These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to
block or alert you about these cookies, but some parts of the site will not then
work. These cookies do not store any personally identifiable information.
Cookies Details
PERFORMANCE AND FUNCTIONALITY
Performance and Functionality
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then
some or all of these services may not function properly.
Cookies Details
ANALYTICS
Analytics
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.
Cookies Details
ADVERTISING
Advertising
These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.
Cookies Details
Back Button
COOKIE LIST
Search Icon
Filter Icon
Clear
checkbox label label
Apply Cancel
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
Decline All Confirm My Choices