Cybercriminals have begun to take advantage of new techniques to steal sensitive data as the world becomes increasingly connected through the Internet and its digital pathways. One method that has gained popularity in recent years is malvertising or malicious advertising. Simply put, malvertising is when a hacker or other cybercriminal uses online ads for malicious purposes.
What Is Malvertising?
You might not even recognize a malvertising attack scrolling by while you visit a website or make a routine Google search, but in the first half of 2023 alone, there was a 42% increase month-over-month in malvertising incidents. Most users will click on an ad and unwittingly have their device infected by a virus or be subject to a phishing scam. With a simple click, malvertising can lead to data theft, ransomware downloads, or other malicious actions, largely happening behind the scenes.
A Recent Example of a Malvertising Attack on Lowes
This year, retail employees at Lowes were subject to a large phishing scam using sponsored Google ads designed to mimic the company’s MyLowesLife employee portal. Using a popular method for malvertising, subtle typos that are hard to distinguish from a genuine website, malicious domains occupied the top three results on Google’s front page when searching for “myloweslife.” The scam proved effective for employees who relied on the portal for scheduling, pay, and more.
Malicious domains closely mimicked the MyLowesLife login page, and after logging in, users were asked a security question concerning their sales account numbers, passwords, and even banking details. Understanding malvertising is essential for retail businesses and consumers increasingly subject to fraud in the digital age. Other cyber attacks have impacted United States and Canadian retailers as well as their customer base, so diminishing the number of attack avenues is a good starting point.
Detecting a Malicious Advertisement
Understanding what a malicious advertisement might look like to protect yourself or your business from malvertising attacks online is important. Most malicious advertisements either closely mimic existing campaigns and domains in an effort to trick the user or attempt to draw the user’s click with unrealistic promises, scandals, or shocking claims.
Before clicking on an advertisement or domain, always examine it for typos, consider the advertisements and domains around it, and avoid improbable claims. Often, a malvertisement attack that appears on Google will boost itself to the top of the page, so it is important not to blindly click on the first result before checking if it’s safe.
Proactive Ad-Blocker Protections
A more proactive approach to malvertising involves purchasing an ad-blocker browser extension and antivirus software. Ad-blockers prevent you from clicking on malicious advertisements in the first place. At the same time, antivirus software acts as an additional layer of protection and may inform you of existing complications on your device. Malvertising doesn’t just affect computers either, it is important to keep every device up to date with ad-blockers and antivirus software.
An onslaught of pop-up ads can carry malicious links even when visiting a legitimate website. Some ads, whether pop-up or regular display ads, may hide a malicious link beneath the exit button or the play button for a video, counting on a click that strays just a bit too far from the button itself. You might have seen increasingly small exit buttons for ads in recent years, and while many advertisers use this technique to make it difficult to close their ads, some may be malicious in nature.
Defend Yourself Against Malvertising
Malvertising remains a constant threat if you have no protective measures while surfing the internet. Even professionals can be tricked by a well-placed typo or a hard-to-click exit button. The best way to protect yourself is with ad-blockers and antivirus software, ensuring that pop-ups and tricks won’t result in data theft and malware downloads.
