Malvertising: Online Deceptive Threat to Your Business

“Malvertising” is the use of online ads to deliver malware or redirect users to copycat websites that mislead them into sharing personal data. These malicious ads are widespread, appearing on social media, websites, and even in Google search results.  These ads can infect your devices with viruses, spyware, keyloggers, ransomware, hijackers, and other pieces of software which can monitor your activity, steal your passwords, or even lead to identity theft.


Malvertising poses a growing threat to individuals and businesses, especially smaller companies that may not have dedicated IT staff. Hackers are using AI to make malware ads more believable, and the spread of these dangerous ads is on the rise. By late 2023, according to Malwarebytes, malvertising increased by 42% (month over month) and inflicted more than $8 trillion in damage to the global economy.

Understanding how malvertising works protects both you and your business. Here are some tips on how to identify this online threat and avoid it.

Hidden Malicious Ads

A good example of malvertising involved the release of PlayStation 5. This model was popular and hard for buyers to get. The demand created the perfect environment for hackers. Several malicious ads for PlayStation 5 appeared in Google searches at the time. The ads seemed to link to an official website but instead directed people to copycat sites. Criminals used the fake sites to steal personal credentials and credit card details.

While Google monitors for malicious ads, hackers can often run them for hours or days before they’re detected. The malware ads are difficult to spot as they look like other sponsored search ads.

The issue is global, affecting thousands of websites and search engines every day. These malicious ads appear on well-known websites that have been hacked, or in social media feeds, where they lure unsuspecting visitors.

Tips for Protecting Yourself from Malvertising

Review URLs Carefully

Carefully review ad links for anything that doesn’t look right, such as a slight misspelling in an online ad’s URL. Just like phishing scams, malvertising often relies on misdirecting people to copycat websites.
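The same URL review can be automated for a help desk or a mail/web gateway. The sketch below is an added example, not part of the original article: it labels an ad's destination URL by comparing its hostname against a short allowlist and flagging near-miss spellings. The allowlist, the edit-distance threshold of 2 and the function names are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration: domains the business really uses.
TRUSTED = ("playstation.com", "microsoft.com")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Label an ad's destination URL before anyone clicks it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"            # no scheme or host: nothing to judge
    labels = host.split(".")
    # Assumption: the last two labels form the registrable domain. Real
    # tooling should consult the Public Suffix List (e.g. for .co.uk).
    domain = ".".join(labels[-2:])
    if domain in TRUSTED:
        return "trusted"
    if any(lab.startswith("xn--") for lab in labels):
        return "suspicious: punycode label"   # may hide look-alike characters
    for good in TRUSTED:
        brand = good.split(".")[0]
        # Brand name pasted into someone else's domain,
        # e.g. brand.com.deals.example or brand.net
        if brand in labels:
            return f"suspicious: {brand} used outside {good}"
    for good in TRUSTED:
        # Threshold 2 is an assumption; short domains need a tighter one.
        if edit_distance(domain, good) <= 2:
            return f"suspicious: lookalike of {good}"
    return "unknown"
```

A result of "unknown" only means the host is not close to anything on the allowlist; it is not a verdict that the site is safe.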

Visit Websites Directly

The best way to protect yourself from malvertising is not to click on any ads promising sales or deals. Instead, go to the relevant brand’s website directly. If the brand is truly having a “big sale,” you should see details on the official site. This tip applies to any type of phishing scam.

Use a DNS Filter

A DNS filter protects you from accidental clicks by redirecting your browser to a warning page if it detects a malware site. This keeps you and your business safe even if you accidentally click a malvertising link.

Do Not Log in After Clicking an Ad

Malvertising will often land you on a copycat website which looks identical to the real thing. The site may mimic one you regularly use for financial transactions, such as banking. Hackers are using the site to try to steal your login credentials and sell them. If you click an ad, don’t input your login credentials on a site, even if it looks legitimate. Go to the relevant brand’s site in a different browser tab.

Don’t Call Ad Phone Numbers

Phishing can also happen offline. Some malicious ads include phone numbers to call. Unsuspecting victims may not realize the fake representatives who answer are part of the scam. Seniors are often targeted with malvertising. They call and reveal personal information to the person on the other end of the line to build credibility. Avoid calling numbers in online ads, but if you do call, don’t reveal any personal data.

Don’t Download from Ads

Some common malvertising scams try to entice you into clicking a download link for a popular program or freebie. Ads may read “Get a free copy of MS Word” or “Get a Free PC Cleaner.” If you download from such a link, it infects your system with malware. A hacker will use the malware to damage your computer system or steal data. Never click to download anything from an online ad, as it’s often a scam.

Warn Others When You See Malvertising

If you see a suspicious ad, warn others. This helps your colleagues, friends, and family stay secure. If you’re unsure if an ad is malicious, try doing a Google search on the ad. You’ll often run across scam alerts confirming your suspicion. Sharing information about scams helps foster a cyber-aware community so everyone has better online security.

Employee Security Awareness Training

Because most data breaches are caused by human error, your employees are the best line of defense against malvertising. Security awareness training for staff creates an effective security culture within your company by helping them stay on the lookout for online threats. Employees who can recognize and deter potential phishing scams act as a “human firewall” which can reduce a company’s vulnerability to malicious attacks by as much as 92%.  When in doubt, train them not to click it!

Improve Your Online Security Today

Is your computer system up to date with security patches? Do you have a good anti-malware solution? Is DNS filtering installed to block dangerous websites? Are your employees online security aware?

If you need to improve your online security and protect your personal and business data, contact us. Our cybersecurity experts will help you find solutions to secure your online world and your business.

Give us a call at 888-609-0884 or visit www.tnius.com to schedule a chat about online security.

Sources:

Article used with permission from The Technology Press.

ITOPIA.com.au: Combat Phishing Attacks with a Human Firewall

Titan HQ: A Comprehensive Guide to Phishing Training for Employees