Scammers are exploiting Google’s ad platform to inject fake customer service numbers onto legitimate company webpages. Unsuspecting users might believe they’re on the official Apple, Microsoft, or PayPal site, for instance, and call the number provided, falling into a scam trap. The hackers append parameters to Google ad URL links, which when clicked, launch the official website while displaying a fake phone number. Experts from Malwarebytes suggest avoiding Google ad links and clicking directly on organic results instead.
Password Reset Poisoning Attack Allows Account Takeover Using the Password Reset Link
A newly discovered vulnerability in password reset mechanisms allows attackers to hijack user accounts by manipulating password reset links. This “Password Reset Poisoning” attack exploits
