One of the most common types of malware is called “malvertising.” Malvertising is a malicious attack executed by placing harmful code into legitimate online advertising. The deceptive ads are then displayed, leading anyone who clicks on them to harmful websites and jeopardizing their online security.

Two things are making malvertising even more dangerous. First, hackers are using AI to make ads very believable. Second, it’s on the rise, according to Malwarebytes. In the fall of 2023, malvertising increased by 42% (month over month).

It’s important to inform yourself about this online threat. Knowledge allows you to better protect yourself, especially when it comes to malicious cybercriminals. Below, we’ll help you understand malvertising. We’ll also give you tips on identifying and avoiding it.

What Is “Malvertising?”
As shared above, malvertising is the use of online ads for malicious activities. Take, for example, the release of the PlayStation 5. The console was very hard to get, which created the perfect environment for hackers. Several malicious ads popped up on Google searches, and the ads made it look like the person clicking was going to an official site. Instead, they went to copycat sites. Criminals design these sites to steal user credentials and credit card details.

Google attempts to police its ads, but hackers often have their ads running for hours or days before they’re caught. These ads appear just like any other sponsored search ad on Google. Google is not the only place where malvertising appears: it has also appeared on well-known sites that ended up being hacked, as well as in social media feeds.

Tips for Protecting Yourself from Malicious Online Ads
Review URLs Carefully
You might see a slight misspelling in an online ad’s URL. Just like phishing, malvertising often relies on copycat websites. Carefully review any links for things that do not look right.
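
The check described in this tip can also be automated. The following is an added example, not part of the original article: it compares an ad's destination host against a list of trusted domains and flags near-misses. The trusted list, the function names and the sample URLs in the comments are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the domains the reader actually means to visit (assumption).
TRUSTED = {"playstation.com", "netflix.com", "microsoft.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_ad_url(url: str, trusted=TRUSTED, max_distance: int = 2) -> str:
    """Classify an ad's destination as 'trusted', 'lookalike:<what>' or 'unknown'.

    The URL must include its scheme (https://...), otherwise no host is parsed.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    # Trusted only on an exact match or a genuine subdomain of a trusted domain.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    labels = host.split(".")
    # Punycode labels can hide Unicode characters that imitate Latin letters.
    if any(label.startswith("xn--") for label in labels):
        return "lookalike:punycode"
    for dom in sorted(trusted):
        brand = dom.split(".")[0]
        for label in labels:
            # Brand name embedded in another domain (playstation.com.deals.example)
            # or a slight misspelling of it (playstatlon.com).
            # Note: very short brand names would need a smaller max_distance.
            if brand in label or edit_distance(label, brand) <= max_distance:
                return f"lookalike:{dom}"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample destinations, not taken from any real ad.
    for u in ("https://www.playstation.com/en-us/ps5/",
              "https://playstatlon.com/ps5",
              "https://playstation.com.deals.example/login"):
        print(u, "->", check_ad_url(u))
```

A result of "unknown" only means the host resembles nothing on the list, so it is no guarantee that the site is safe.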

Visit Websites Directly
A foolproof way to protect yourself is not to click any ads. Instead, go to the brand’s website directly. If they truly are having a sale you cannot pass up, you should see it there. This tip is useful for all types of phishing.

Use a DNS Filter
A DNS filter redirects your browser to a warning page if it detects danger. DNS filters look for warning signs and block dangerous sites. This can keep you safe even if you accidentally click a malvertising link.

Do Not Log in After Clicking an Ad
Malvertising will often land you on a copycat site. The login page may look identical to the real thing. One of the things phishers are trying to steal is login credentials. They can get big money for logins to sites like Netflix, banks, and more.

If you click an ad, do not input your login credentials on the site, even if the site looks legitimate. Go to the brand’s site in a different browser tab.

Don’t Call Ad Phone Numbers
Phishing can also happen offline. Some malicious ads include phone numbers to call. Unsuspecting victims may not realize fake representatives are part of these scams. Seniors are often targeted with malvertising scams. They call and reveal personal information to the person on the other end of the line.

Make it a habit to avoid calling numbers listed in online ads. If you do end up on a call, avoid sharing any personal information. Keep in mind that this is part of a sophisticated scam. The individuals involved tend to exploit emotions like fear, and they work hard to earn your trust.

Don’t Download from Ads
“Get a free copy of MS Word” or “Get a Free PC Cleaner.” These are common malvertising scams. They try to entice you to click a download link, often for a popular program or freebie. The link installs malware on your system, leaving it open to the hacker, who can cause damage to your system and likely to your personal information and assets.

Being informed and proactive is the key to protecting yourself from malvertising. Follow the tips above and ensure that your devices are up to date with security patches, that they have a trusted and active anti-malware solution, and that DNS filtering is installed to block dangerous websites.

If you would like assistance ensuring your environment is secure, please reach out to us to schedule a free 30-minute security assessment.