If you’re trying to scam someone, you want to reach as many people as you can — that’s why you’ve almost certainly received one of the literally billions of scam phone calls made every year.
But it’s not just phone calls you need to be cautious of. Scammers and fraudsters are no strangers to putting up fake websites, and one recent example involves sites impersonating Disney+.
This particular crop of phony websites is concerning because Malwarebytes found them ranking high in Google searches. That makes them particularly dangerous to anyone who doesn’t manually type the full www.disneyplus.com URL into the browser address bar and instead relies on a quick search to find the relevant web page.
The security researchers found that these high-ranking fake sites display a misleading image and the text Disneyplus.com/begin, which is not the actual URL shown in the browser's address bar.
Then you get a spiel that’s familiar to anyone who spends any time on the web: a fake Microsoft “security scan” pop-up that says you have all manner of nasty stuff on your computer, including trojans, spyware, and “child pornography.” This is meant to terrify you into taking immediate action, which is to call the fake Microsoft support phone number that’s displayed on the screen.
Savvy web users might notice that nothing has actually happened outside the web browser. But less experienced users — including children and grandparents — might call the number right away. Once you’re on the line with a scammer, they’ll guide you through a “remote login session,” at which point they’ll install actual malware or just try to get you to send money to them over the phone.
Again, none of this is unusual or surprising, but it’s the latest example of scammers worming their way into highly relevant search results and widening their nets to millions of potential victims.
And it’s not just the less technically inclined who might get suckered in. I’ve been using the web pretty much every day since the late 90s, and I almost fell for a fake shoe store earlier this year. (That one also ranked highly in Google results.) We’ve seen bogus sites impersonating Chrome downloads get to the top of Bing search results, a particularly clever and devious little work-around that self-selects for more advanced PC users.
Google’s constantly working to hunt down and remove fakes and scams. Whatever you think of the declining quality of its search engine, the company will protect its high-ranking results if only out of self-interest. But the gargantuan scale of the web means that most of its tools are automated, which also means clever (mostly) human scammers are going to find the cracks in its systems and figure out ways to get to the top of organic search results. (Or just flat-out pay for Google advertising and bust through their various security methods.)
Microsoft does make tools for securing Windows — and they’re pretty good — but they won’t pop up out of the blue to accuse you of downloading pornography, nor will they give you a phone number to call.