Protect Yourself from Malicious Online Ads (Malvertising)


There are many types of malware, and one of the most common is called “malvertising”. It crops up everywhere, including social media sites, websites and even Google searches. Two things are making malvertising even more dangerous: the first is that hackers use AI to make it very believable, and the other is that it is on the rise. According to Malwarebytes, in the fall of 2023 malvertising increased by 42% (month over month). It is important to inform yourself about this online threat, because knowledge is the power to protect yourself, especially when it comes to malicious cybercriminals. In this blog article, we will help you understand malvertising. We will also give you tips on identifying and avoiding it.

What Is “Malvertising”?

Malvertising is the use of online ads for malicious activities. One example came when the PlayStation 5 was first released: it was very hard to source, which created the perfect environment for hackers. Malicious ads cropped up on Google searches, made to look as though they led to an official site; instead, they led to copycat sites. Criminals design these sites to steal user credentials and credit card details. Google does attempt to police its advertising, but hackers can often have their ads running for hours or days before they are caught. These ads appear just like any other sponsored search ad on Google.

Google is not the only site where malvertising appears. It can appear on well-known sites that have been hacked, on social media feeds, or wherever a website has third-party advertising.

Tips for Protecting Yourself from Malicious Online Ads

Here are some tips on how you can protect yourself from these malicious adverts.

Review URLs Carefully

You might see a slight misspelling in an online ad’s URL. Just like phishing, malvertising often relies on copycat websites, so carefully review any links for things that do not look quite right.

Use a DNS Filter

A DNS filter protects by redirecting your browser to a warning page if it detects a known bad site. DNS filters look for warning signs and block known dangerous sites from loading. This can help keep you safe, even if you accidentally click a malvertising link.
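The two checks described under “Review URLs Carefully” and “Use a DNS Filter” can be sketched in a few lines of Python. This is an added example, not code from any particular DNS filtering product; the trusted list, the blocklist entry and the sample URLs are constructed for illustration and are not known indicators.

```python
from urllib.parse import urlsplit

# Constructed sample data: assumptions for illustration, not real filter feeds.
TRUSTED = ("playstation.com", "netflix.com")   # sites the user really means
BLOCKLIST = {"free-pc-cleaner.example"}        # made-up "known bad" domain

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def hostname(url):
    """Lower-cased host of a URL, accepting input with or without a scheme."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host.rstrip(".")

def check_url(url):
    """Return 'blocked', 'trusted', 'lookalike:<domain>', 'unknown' or 'invalid'."""
    host = hostname(url)
    if not host:
        return "invalid"
    labels = host.split(".")
    # The host itself plus every parent domain: a.b.c -> a.b.c, b.c, c
    suffixes = {".".join(labels[i:]) for i in range(len(labels))}
    if suffixes & BLOCKLIST:
        return "blocked"        # what a DNS filter does for a known bad site
    if suffixes & set(TRUSTED):
        return "trusted"
    # Simplification: treat the last two labels as the registered domain.
    # A real tool would consult the Public Suffix List (e.g. for .com.au).
    registered = ".".join(labels[-2:])
    for good in TRUSTED:
        brand = good.split(".")[0]
        if edit_distance(registered, good) <= 2 or brand in host:
            return "lookalike:" + good   # near-miss spelling or buried brand name
    return "unknown"

if __name__ == "__main__":
    for u in ("https://www.playstation.com/ps5", "https://playstatlon.com/ps5",
              "http://netflix.com.account-verify.example/login",
              "https://dl.free-pc-cleaner.example/setup.exe", "https://example.org/"):
        print(f"{check_url(u):28} {u}")
```

The brand-substring test is deliberately broad and will flag some legitimate domains, so treat a “lookalike” result as a prompt to check the address by hand rather than as proof of a scam.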

Do Not Log in After Clicking an Ad

Malvertising will often land you on a copycat site prompting for your login details. The login page may look identical to the real thing, as the phishers are trying to steal your login credentials. They can get big money for logins to sites like Netflix, financial institutions and more. If you click an ad, do not input your login credentials even if the site looks legitimate. If you need to go to that website, manually enter the website’s address in a different browser tab.

Don’t Download from Ads

“Your PC is slow”, “You have a virus”, “Get a free copy of MS Word” and “Get a Free PC Cleaner” are common malvertising scams. They try to entice you into clicking a download link. They often refer to popular programs or prey on your fear of a potential issue. Once the link is clicked, it can infect your system with malware, which allows the hacker to do further damage. Never click to download anything from an online ad. If you see an ad with a direct download link, it is often the sign of a scam.

Visit Websites Directly

A foolproof way to protect yourself is not to click any ads. Instead, go directly to the brand’s website. If they truly are having a “big sale,” you should see links on their main site. This tip is useful for all types of phishing, so don’t just click those links on websites or in emails; instead, go to the source directly.

Don’t Call Ad Phone Numbers

Phishing can happen both online and offline with some malicious ads including phone numbers to call. Unsuspecting victims may not realise the people they ring are also part of these scams. Just do not call numbers in online ads. If you find yourself on a call, do not reveal any personal data and just hang up. Remember, this is an elaborate scam and these people prey on triggers like fear and work to gain your trust. If you need to speak with someone, manually enter the company’s website details and call the listed phone number on their official website.

Warn Others When You See Malvertising

If you see a suspicious ad, warn others, as this helps keep your colleagues, friends and family more secure. If you are unsure, try a separate Google search on the ad. You may then see other posts from people confirming your suspicions. It is important to be smart and arm yourself with knowledge which you can then share with others. Foster this type of cyber-aware community. It helps everyone ensure better online security as well as be alerted to new scams cropping up.

Improve Your Online Security Today

A good starting point to get both yourself and your staff up to date on how to detect security issues is the training at Cyberwardens, developed by the Australian Government.

You should also ask yourself:

  • Are your devices up to date with security patches?
  • Do you have a good anti-malware solution?
  • Do you have an up to date firewall?
  • Is DNS filtering installed to block dangerous websites?

If you’re not sure about any of these questions, contact us. Our cybersecurity experts are here and we can help you find affordable solutions to secure your online world. Give us a call or email to schedule a chat about online security.