Fake support numbers are being planted in AI search answers
You search for a company's customer-service number, the AI answer at the top of the page hands you one in a clean little box, you call it, and you reach a scammer. This is one of the fastest-growing scams of 2026, and it works because an AI answer presents a single confident result instead of a list of sources you can judge for yourself. Here is how scammers get their numbers into AI Overviews and chatbots, the real cases that have been reported, and the one habit that beats the whole thing.
Quick Take: the AI answer can be the scam
Scammers plant fake "customer support" phone numbers across forums, low-quality websites, PDFs and business listings so that Google AI Overviews, Google AI Mode and AI chatbots scrape them and surface them as the answer when you search for a company's support line. You call the number, reach a fake call center, and a scammer posing as a real agent pressures you for card details, login codes or remote access to your device. Some operations even reroute or "transfer" you to keep the illusion of a real support queue. This pattern has been documented by Digital Trends, The Washington Post, Slashdot and CyberHoot through 2025 and 2026, with named examples including a fake Royal Caribbean number and a fake Southwest Airlines number that surfaced in Google's AI results. Google says it works to remove unreliable entries from AI Overviews, but the safe rule is simple: never call a phone number an AI answer gives you. Open the company's own app, or type its official website address yourself, and use only the number listed there. SafeBrowz scans the website behind a support result and flags lookalike "support" pages before you hand anything over.
Why the AI answer is the weak point
For years the advice for finding a support number was "search and check a few sources." A normal results page gives you ten blue links, and you can usually tell the official site from a spammy forum. An AI Overview or chatbot collapses all of that into one answer. There is no list to compare. There is one number, presented with confidence, often without an obvious source you can click and inspect.
That confidence is exactly what scammers exploit. As CyberHoot put it in its analysis of the trend, AI search bots do not verify phone numbers, business listings or URLs against authoritative sources the way you would if you were reading a list. The model gives you one answer, and most people take it. CyberHoot describes AI search as a new attack surface for support scams for that reason: the scam now begins inside the answer box, before any phishing page is even involved.
The result is that the oldest trick in the book, a fake support number, gets a brand-new delivery channel that feels more trustworthy than a search result, not less.
How scammers get their number into the answer
The technique is a form of data poisoning. Scammers do not hack the AI. They feed the open web the data they want it to repeat.
- Flooding user-generated sites. They post fake support numbers for major companies across forums, complaint boards, Q and A sites, comment sections and free blog hosts, often pairing the number with the real company name so it reads like a genuine help thread.
- SEO-boosted lookalike pages. They stand up websites that look like a support or contact page, optimized so that AI crawlers scrape them and treat the content as a reasonable source.
- Misleading business listings. They plant fraudulent contact details in places that feed maps and business profiles, so the wrong number rides along with a familiar brand name.
- A self-reinforcing loop. CyberHoot notes that once a fake number is published in enough places, more AI bots consume it and republish it, and other low-effort sites copy it, which perpetuates the bad data and makes it look even more "confirmed."
None of this requires breaking into Google or any chatbot. It is about polluting the sources the model reads. When enough corners of the web carry the same fake number next to a real brand, the model can present it as the answer.
Check the support page before you trust the number
If an AI answer or a search result links to a "support" or "contact" page, paste that link below before you call anything or type your details. Our 3-layer engine (Local + APIs + AI) checks the destination against a 550+ brand database and returns a verdict in about 3 seconds. Free, no signup.
What happens when you call
The phone is where the money is lost. The number itself costs nothing to spoof, but the call center on the other end is built to sound legitimate.
- A "support agent" answers in character. They use the company name, a hold-music intro, even a queue. CyberHoot lists the playbook: phony agents try to extract payment information, push remote-access tools to "fix" a problem that does not exist, run refund scams that trick you into sending money back, and attempt account takeover the moment you engage.
- They ask for the things a real company would never ask for cold. Card numbers, one-time login codes, your password, or permission to install a remote-control app so they can "see the issue."
- Some operations reroute or transfer you. To reinforce the feeling of a real support desk, a scam call center may put you on hold and "transfer" you between scripted roles, or hand you to a second person who poses as a supervisor or a "fraud department." The transfer is theater. It is the same operation, designed to lower your guard before the ask.
The danger is that nothing about the call requires you to visit a sketchy website. You found the number through what looked like the most authoritative box on the page, and now a calm, professional voice is walking you toward a payment or a code. This is the same psychology behind a fake Microsoft pop-up tech-support scam, just delivered through an AI answer instead of a browser pop-up.
Real cases that have been reported
This is not hypothetical. Through 2025 and 2026, mainstream outlets documented specific instances of Google's AI results surfacing scam support numbers.
- Royal Caribbean. Digital Trends and The Washington Post reported that a person searching for the cruise line's customer-service number through Google's AI Overview was shown a number that did not belong to the company and was operated by a scammer.
- Southwest Airlines. A fake support number surfaced for the airline that was not on its official site, used by fraudsters who tried to charge people for "fixing" a misspelled name on a ticket.
- Other tested brands. Reporters found AI search returning numbers for major consumer services that were not in the company's official directory, including numbers that traced back to complaint boards rather than the brand itself.
Google told The Washington Post that it continues to remove unreliable entries from AI Overviews. That is a reactive cleanup, not a guarantee, which is why the responsibility lands back on how you find a support number in the first place.
Where this fits in Google's 2026 fraud reporting
Google publishes a recurring fraud and scams advisory. Its June 2026 edition focused on threats like adversary-in-the-middle and QR-code phishing, AI-driven cryptocurrency scams, malicious mobile apps, and police-impersonation "digital arrest" scams, and it repeated a theme that runs through all of Google's 2026 scam guidance: rely on official sources for contact details rather than whatever a search surfaces. Separately, Google has acknowledged the AI Overview support-number problem directly to reporters and said it removes unreliable entries as it finds them.
So while the fake-support-number-in-AI-search pattern is not the headline of any single advisory, it sits squarely inside Google's broader 2026 message: AI is reshaping how scams reach people, and the contact details you act on should come from a verified, official source, not from the most confident-looking box on a results page. This is a close cousin of search-engine phishing through paid ads, where the scam rides the top of the page instead of the answer box.
Red flags before you dial
- You got the number from an AI answer, a chatbot, or a random forum. The single biggest tell. If a number did not come from the company's own app or its official website that you typed yourself, treat it as unverified.
- The number is not on the company's official contact page. Open the real site and compare. A support number that exists in the AI answer but not on the brand's own "Contact us" page is a red flag.
- The agent asks for a one-time code, password, or full card number. Real support does not need your login code or your password to help you. They will never ask you to read out an authentication code.
- You are asked to install remote-access software. "Let me connect to your device to fix it" is the move that ends with your bank app open in front of a stranger.
- Pressure, urgency, or a sudden "transfer to the fraud department." Manufactured urgency and theatrical transfers are designed to keep you from stopping to verify.
- The "support" page you were sent to is a lookalike domain. A contact page on a hyphenated or off-brand domain, rather than the company's exact official address, is a sign you are inside the scam, not next to it.
How to find a real support number safely
- Use the company's own app first. Banks, airlines, marketplaces and delivery services put their genuine support contact and chat inside their official app. The number you reach from inside a logged-in app is the one to trust.
- Type the official website address yourself. Go to the brand's real domain by typing it into the address bar, not by clicking an AI answer or a search result, and find the number on its official "Contact" or "Help" page. Bookmark the support pages of companies you rely on so you are not searching at all next time.
- Treat the number on the back of your card or a paper statement as authoritative. For banks and card issuers, the number printed on the physical card or an official statement is a safe source.
- Do not call a number from an AI answer, chatbot, PDF, Reddit post or forum. CyberHoot's guidance is blunt: never trust a support number from AI search without verifying it on the vendor's official website.
- Check the link before you trust the page. If a result sends you to a "support" page, scan the destination first. A browser-layer scanner flags a lookalike support page before you start reading a number off it. Run any suspicious link through the SafeBrowz scam checker.
What to do if you already called
- Hang up and stop the session. If you installed any remote-access tool, disconnect from the internet, uninstall it, and run a security scan. If you gave a password or code, change that password immediately from a device you trust.
- Call your bank using the number on your card. If you shared card details or made a payment, contact your bank or card issuer through their genuine number to freeze the card and dispute the charge.
- Lock down accounts and revoke sessions. Change passwords, sign out of all active sessions, and re-check your recovery email and phone. See what to do right after a scam for the full sequence.
- Report it. In the US, report to the FTC at reportfraud.ftc.gov and to the FBI Internet Crime Complaint Center at ic3.gov. In the UK, report to Action Fraud. Reporting the fake number and the lookalike page helps get them removed.
How SafeBrowz blocks this threat
SafeBrowz runs a 3-layer detection architecture: Local + APIs + AI.
- Layer 1 - Local detection: 60+ URL pattern signatures plus a 550+ brand database plus homograph and Punycode checks, all running before the page renders. When an AI answer or search result links to a "support" page on a non-official, lookalike host, this layer flags the brand impersonation at the URL itself.
- Layer 2 - API checks: aggregates Google Safe Browsing, PhishTank, URLhaus and ScamAdviser feeds plus 30+ scam TLD lists, so a fake-support page or domain already reported by others is caught on arrival.
- Layer 3 - AI deep scan (Premium): AI content analysis via our proxy reads a brand-new "support" or "contact" page in 100+ languages and flags one that imitates a brand it is not, even if the page has never been reported before.
Honest scope: SafeBrowz checks the website a support result links to, and flags a lookalike or fake-support page before you act on it. What it cannot do is tell you a phone number is fake by the digits alone, because a phone number is not a website our engine can scan. That is why the rule still holds: reach support through the brand's own app or its official site typed directly, never a number an AI answer hands you. SafeBrowz protects the web half of this scam, the page behind the link, while that habit protects the phone half. Use both. SafeBrowz is a free extension for Chrome, Firefox and Edge (Safari coming soon), plus a live SafeBrowz Android app that checks links the same way on your phone, where most of these calls actually start.
Detection signatures are derived from threat-intelligence research and our internal brand database, not from user browsing data. SafeBrowz does not store per-user browsing history.
Where browser-layer defense fits
The fake number lives on the phone, but it almost always travels with a web component: the poisoned page that planted it, or the lookalike support page you get sent to. That web layer is checkable before you act, and it is where a brand-aware scanner earns its place. SafeBrowz reads the destination of a support link before it renders and flags a contact page that wears a brand it does not belong to. On your phone, where a quick search and a tap-to-call can happen in seconds, the SafeBrowz Android app does the same check on the link before you ever dial. Learn how to tell if a website is a scam, read the full tech-support scam guide, install SafeBrowz, and back it with the one rule that beats this entire category: get the number from the company's own app or official site, never from an AI answer.
Install SafeBrowz free
Add the browser extension, or the SafeBrowz Android app, that runs every check in this article automatically. When a search result or AI answer sends you to a "support" page, SafeBrowz flags a lookalike or fake-support site before you read a number off it. Free forever, with optional Premium AI deep scan at $14.99 per year.
Add to Chrome
Add to Firefox
Add to Edge
Get it on Google Play
Frequently asked questions
How do fake support numbers end up in Google AI Overviews?
Scammers seed the open web with fake support numbers for well-known companies, posting them across forums, complaint boards, free blog hosts, lookalike "support" pages and misleading business listings, usually paired with the real brand name. AI Overviews and chatbots scrape that content and can present the planted number as the answer when you search for a company's support line. The AI does not verify the number against an authoritative source the way a careful person reading a list would, so a confident-looking answer can be wrong. The fix is to get the number from the company's own app or official site, not the AI answer.
What happens if I call a fake support number from an AI answer?
You reach a fake call center. A scammer answers posing as a real agent, often with hold music and a queue to sound legitimate, then tries to extract card details, one-time login codes or your password, or pushes you to install remote-access software to "fix" a problem. Some operations reroute or "transfer" you between scripted roles to reinforce the illusion of a real support desk. The goal is a payment, a code, or control of your device or account. Hang up if you are asked for a login code, a full card number, or to install remote-access software.
Did Google's June 2026 fraud advisory cover this?
Google's June 2026 fraud and scams advisory focused on adversary-in-the-middle and QR-code phishing, AI cryptocurrency scams, malicious mobile apps, and police-impersonation scams, and it repeated Google's broader 2026 guidance to rely on official sources for contact details. The specific AI Overview fake-support-number problem has been documented separately by outlets including Digital Trends, The Washington Post and Slashdot, and analyzed by CyberHoot. Google has told reporters it continues to remove unreliable entries from AI Overviews. So it sits inside Google's wider 2026 message even though it is not the headline of that one advisory.
How do I find a real customer support number safely?
Use the company's own app first, since genuine support contact lives inside a logged-in official app. Otherwise type the brand's real website address into your address bar yourself and read the number off its official Contact or Help page, rather than clicking an AI answer or a search result. For banks and card issuers, the number printed on the back of your card or on an official statement is a safe source. Never call a number you got from an AI answer, a chatbot, a PDF, a Reddit post or a forum without confirming it on the vendor's official site.
Can SafeBrowz block a fake support phone number?
SafeBrowz cannot judge a phone number by its digits, because a number is not a website it can scan. What it does block is the web half of the scam: when an AI answer or search result links to a "support" or "contact" page, SafeBrowz checks that destination against a 550+ brand database with 60+ URL pattern signatures and optional AI content analysis, and flags a lookalike or fake-support page before you act on it. Pair that with the rule of reaching support through the brand's own app or official site, and both halves of the scam are covered.
Related SafeBrowz coverage
- The complete tech-support scam guide for 2026
- Fake Microsoft pop-up tech-support scam and the DOJ case
- Search-engine phishing through Google Ads
- Angler phishing: fake support accounts on social media
- Malvertising: how malicious ads deliver scams
- How to tell if a website is a scam
- I got scammed: what to do right now
- How to spot a Microsoft phishing email
Bottom line: Fake support numbers planted in AI search answers work because an AI Overview or chatbot gives you one confident number instead of a list you can judge, and the call center behind it is built to sound real. The fix is one habit and one tool: never call a number an AI answer hands you, get it from the brand's own app or official site typed directly, and keep SafeBrowz on your browser and phone so the lookalike support page behind a bad link is flagged before you ever read a number off it.