There are many types of malware. One of the most common is called “malvertising.” It crops up everywhere. You can also see these malicious ads on Google searches.
Two things are making malvertising even more dangerous. One is that hackers use AI to make it very believable. The other is that it’s on the rise, according to Malwarebytes. In the fall of 2023, malvertising increased by 42% month over month.
Below, we’ll help you understand malvertising and give you tips on identifying and avoiding it.
What is “malvertising?”
Malvertising is the use of online ads for malicious activities. One example is when the PlayStation 5 was first released. It was very hard to get, which created the perfect environment for hackers. Several malicious ads cropped up on Google searches. The ads made it look like someone was going to an official site. Instead, they went to copycat sites. Criminals design these sites to steal user credentials and credit card details.
Google attempts to police its ads, but hackers can have their ads running for hours or days before they’re caught. These ads appear just as any other sponsored search ad. They can also appear on well-known sites that have been hacked or on social media feeds.
Tips for protecting yourself from malicious online ads
Review URLs carefully
You might see a slight misspelling in an online ad’s URL. Just like phishing, malvertising often relies on copycat websites. Carefully review any links in the ads.
Visit websites directly
A foolproof way to protect yourself is not to click any ads.
Instead, go to the brand’s website directly.
If they truly are having a “big sale,” you should see it there. Just don’t click those links and go to the source directly.
Use a DNS filter
A DNS filter protects you from mistaken clicks. It will redirect your browser to a warning page if it detects danger. DNS filters look for warning signs. This can keep you safe even if you accidentally click a malvertising link. Often, you’ll see a block page.
Do not log in after clicking an ad
Malvertising will often land you on a copycat site. The login page may look identical to the real thing. One of the things phishers are trying to steal is login credentials.
If you click an ad, do not input your login credentials on the site, even if the site looks legitimate. Go to the brand’s site in a different browser tab.
Don’t call suspicious ad phone numbers
Phishing can also happen offline. Some malicious ads include phone numbers to call. Unsuspecting victims may not realize fake representatives are part of these scams. Seniors are often targeted; they call and reveal personal information to the person on the other end of the line.
Stay away from these ads. If you find yourself on a call, do not reveal any personal data.
Don’t download directly from ads
“Get a free copy of MS Word” or “Get a Free PC Cleaner.” These are common malvertising scams. They try to entice you into clicking a download link. It’s often for a popular program or freebie. The link actually injects your system with malware to do further damage.
A direct download link is likely a scam. Only download from websites you trust.
Warn others when you see malvertising
If you see a suspicious ad, warn others. This helps keep your colleagues, friends, and family more secure. If unsure, do a Google search. You’ll often run across scam alerts confirming your suspicion.
Foster a culture of cyber awareness
It’s important to arm yourself and others with this kind of knowledge. Foster a culture of cyber-awareness to ensure safety and better online security.