We have gone over the many types of malware before, but one that is becoming a lot more common is the type known as "malvertising." It crops up everywhere, especially on social media sites and Google search results. Reports from Malwarebytes show that in the fall of 2023, malvertising increased by 42%. Unfortunately, in addition to becoming more common, it is also becoming more difficult to detect due to the use of AI. Knowledge is critical to protect yourself from malicious cybercriminals, so take some time to learn about malvertising, identifying it, and avoiding it.
What Is "Malvertising?"
Malvertising is a form of phishing through the use of online ads. A good example can be found in the launch of the PlayStation 5, which many people were unable to obtain initially due to supply issues, which created the perfect environment for cybercriminals. Cybercriminals began to purchase ad space on Google searches and fill them with malicious ads that looked like official ones but instead went to phishing sites. These sites are designed to trick users into entering their credentials and credit card details, which are then stolen by cybercriminals. While Google does attempt to police its ads to prevent this sort of thing, hackers can often have their ads running for hours or days before they're caught, appearing just as any other sponsored search ad on Google. Malvertising is not limited to Google either; it frequently appears on well-known sites that have been hacked and social media feeds.
Tips for Protecting Yourself from Malicious Online Ads
Review URLs Carefully
Just like traditional phishing, malvertising frequently relies on copycat websites. Carefully review any links before you click them, identifying anything that looks off, such as differences in the URL compared to what it is supposed to be.
Visit Websites Directly
A foolproof way to protect yourself from malvertising is to just not click any ads. If you see an ad that you are interested in, rather than click it, navigate to the official website yourself. From there, you should be able to determine if whatever the ad was offering was legitimate without having to make a risky click. This tip is good for protecting yourself from all types of phishing. Don't click those links; if you can't find it on your own, then it probably wasn't real to begin with.
Use a DNS Filter
DNS filters look for warning signs of malicious websites and then block them if they determine them to be dangerous. A DNS filter can protect you if you accidentally click a link by redirecting your browser to a warning page if it detects danger.
Do Not Log in After Clicking an Ad
One of the primary things that phishers are trying to steal is login credentials that they can sell on the dark web, be it for banking accounts, streaming services, or more. If you click an ad, do not input your login credentials on the site, even if they look legitimate. After all, phishers are trying to make these sites look legitimate. Open a different browser tab and ensure you navigate to the brand's official site and log in from there.
Don't Call Ad Phone Numbers
Phishing is not limited to the web and computers either. Some malicious ads include phone numbers to call, which can lead unsuspecting victims into a false sense of security and end up talking with fake representatives in on the scam. Seniors are a frequent target of phone-based malvertising scams as they are statistically more likely to call and reveal personal information to the scammer. Avoid calling numbers in online ads, and if you find yourself on one of these calls, do not reveal any personal data and simply hang up.
Don't Download from Ads
Ads that say "Get a free copy of MS Word" or "Get a Free PC Cleaner" or other similar offers are common malvertising scams that try to trick you into downloading malware. These scams tend to offer a free version of a popular program or software, but clicking the link actually injects your system with malware. Never click to download anything from an online ad, as these direct download links are almost universally scams.
Warn Others When You See Malvertising
If you see a suspicious ad, warn others; the best way to protect ourselves from cybercrimes is by working together to catch scams and help keep each other secure. If you're unsure about an ad's authenticity, try a web search on the ad, as scams that others have also noticed might have alerts out to warn people not to interact with them, confirming your suspicion. Arm yourself with knowledge and then share that knowledge with others to foster a cyber-aware community where everyone ensures better online security and gets alerted of new scams cropping up.