Malware comes in many forms. One very common type which is gaining more momentum these days is ‘malvertising.’ It’s cropping up everywhere, including websites and social media sites in particular and, more insidiously, Google search results.
Employees do fritter away time online, but what U.S. office worker does NOT use Google Search for legitimate business reasons? They may be searching in earnest, but they see a very tempting ad for something. What’s the harm in taking a quick look? Could be plenty of harm.
What makes malvertising even more dangerous are two things. One is that hackers use AI to make it very believable. The other is that it’s on the rise, according to Malwarebytes. In the fall of 2023, malvertising increased by 42% (month over month).
To maintain your own security, inform yourself about this online threat. Knowledge is the power to protect yourself, especially when it comes to malicious cybercriminals. Please allow us to help you understand malvertising. We’ll also give you tips on identifying and avoiding it.
What is malvertising?
Malvertising is an online phenomenon and is exactly what it sounds like: The use of online ads for malicious activities. For example, when the PlayStation 5 was first released, it was very hard to get, which created the perfect environment for lowlife cybercriminals: create malicious ads offering the public what they want.
Malvertising ads for PlayStation 5 started appearing on Google searches. The ads made it look like you’d be going to an official site but lured you to copycat sites. Criminals design these sites to steal user credentials and credit card details.
While Google does attempt to police its ads, hackers can often have their ads running for hours or days before they’re caught. These ads appear just as any other sponsored search ad on Google.
But Google is not alone in this. Malvertising appears on various well-known and trusted sites that have been hacked. It can also appear on social media feeds.
How to protect from malvertising?
Carefully review URLs
Perhaps you’ll catch something as obvious as slight misspelling in an online ad’s URL (like ‘www.microsft.com’), or a dubious address suffix – for example, government agencies end in ‘.gov.’ – nothing else, unless followed by a forward slash – it will NEVER be ‘gov.usa.’ Just like phishing, malvertising often relies on copycat websites, and these ads want to get you to go to them. Carefully review any links for things that look off.
NEVER use provided links to visit websites
Protect yourself by going to the brand’s website directly – do NOT click on the ad. If they truly are having a ‘big sale,’ you should see it prominently displayed there. This tip is useful for all types of phishing. Don’t just click those links - go to the source directly.
Turn on DNS filtering
DNS filters can be lifesavers by protecting you from mistaken clicks. It will redirect your browser to a warning page if it detects danger. DNS filters look for warning signs. They, then block dangerous sites. This can keep you safe even if you accidentally click a malvertising link.
Granted, the DNS filter may occasionally warn you about perfectly legitimate sites, which can be annoying. Better safe than sorry.
NEVER log in after clicking an ad
The copycat site that malvertising will take you to wants you to give them your login credentials. The login page may look identical to the real thing. They can get big money for logins to sites like Netflix, banks, and more.
If you are foolish enough to click an ad, do not input your login credentials on the site. Even if the site looks legitimate. Go to the brand’s site in a different browser tab.
NEVER call ad phone numbers
Phishing perpetrators will sometimes take you offline, so some malicious ads include phone numbers to call. Unsuspecting victims may not realize fake representatives are part of these scams. Seniors are often targeted with malvertising scams. They call and reveal personal information to the person on the other end of the line.
Just say no to calling numbers in online ads. If you find yourself on a call, do not reveal any personal data. Just hang up. Remember, this is an elaborate scam. These people prey on triggers like fear. They also work to gain your trust.
Plus, with the strength of AI these days, they may record you so they can create scams using your voice to target your known family and associates.
NEVER download anything from an AD
‘Free Windows 11 Download! Click HERE,’ or ‘Get a Free PC Cleaner.’ These are common malvertising scams. They try to entice you into clicking a download link. It’s often for a popular program or freebie. The link actually injects your system with malware, allowing hacker to run rampant.
Never click to download anything from an online ad. If you see an ad with a direct download link, it’s often a scam. As stated above, go to the website directly. If the free download is legit, it will be there.
When you see malvertising, warn others
Remember: Sharing is Caring. Keep your community and business safe by warning others when you see a suspicious ad – if at work, notify your IT services provider. This helps keep your colleagues, friends, and family more secure. If you’re unsure, try a Google search on the ad. You’ll often run across scam alerts confirming your suspicion.
Be smart and arm yourself with knowledge, which you can then share this with others. Foster this type of cyber-aware community – especially at work. It helps everyone ensure better online security as well as get alerted of new scams cropping up.
Frequently Asked Questions
How do you get rid of malvertising?
Your best bet is to install reliable antivirus (AV) software that can detect and neutralize threats like malvertising. These programs offer real-time protection against various types of malware, including ransomware, spyware and adware, which often accompany malvertising attacks. Don’t waste your time with any ‘free antivirus.’ You get what you pay for.
How do I open my DNS settings?
DNS settings are specified in the TCP/IP Properties window for the selected network connection. Go to the Control Panel. Click Network and Internet > Network and Sharing Center > Change adapter settings. Google’s Developer Program will lead you through it HERE.
Can malvertising track your keystrokes?
If delivered via malvertising, spyware can silently monitor user activities and steal sensitive information, such as login details and personal data. This software can track your browsing habits, record your keystrokes, and send this information back to cybercriminals without your knowledge.
What is the scariest computer virus?
MyDoom is widely considered to be the most dangerous computer virus in history. It spread quickly through email in 2004, infecting millions of computers and causing billions of dollars in damage.
Like many common cyber-tactics, it used deceptive language to trick users into opening a file attachment that appeared to be harmless.
How secure is your network?
As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and cybersecurity assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.
The best defenses are expert cybersecurity to protect your data from theft, and a top-notch Managed Services Provider (MSP) to ensure continued reliability and defenses against newly emerging threats.
With our 100% Money Back Guarantee in writing, we offer a risk-free way for prospective clients to try us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.
Among the Managed IT services we provide:
IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)
IT Support LA is an award-winning Managed Services Provider (MSP):
o 3 Years awarded Best IT by the Small Business Expo
o Awarded 2nd best company of any type in the US by the Small Business Expo SB100
o Awarded Best IT Support in California by Channel Futures
o Winner of Best IT in Los Angeles by Channel Futures
o Listed as one of the world’s Top 501 Managed Services Providers (MSPs) by CRN and in the top 250 in the ‘Pioneer’ listing
o 4 years listed as one of the Top 501 MSPs in the World by Channel Futures
o Listed as #21 MSP in the World in Channel Futures NextGen 101
o Globee 2021 Bronze Award winner for Chief Technology Officer of the Year
o Globee 2022 Gold Award winner for Chief Technology Officer of the Year
o Named one of 2022’s 50 ‘Best’ businesses in California by UpCity
o Named Best of IT winner by UpCity
o Winner of Local Excellence Award for 2021, 2022 and 2023 by UpCity
o Named Best of Cloud Consulting winner by UpCity
o Certified as Top Managed Services Providers and Cybersecurity Pro by UpCity
o Named Best IT in Los Angeles by Expertise.com.
Improve Your Online Security Today!
Is your device up to date with security patches? Do you have a good anti-malware solution? Is DNS filtering installed to block dangerous websites?
If you’re not sure of any of those questions, call IT Support LA today. Our cybersecurity experts are here. We'll help you find affordable solutions to secure your online world.
Give us a call or email to schedule a chat and take advantage of our FREE no-risk network and cybersecurity assessment.
818-805-0909
