How to stay safe from malicious advertising online?
Malicious ads are cleverly disguised and can cost you money and data, and can even lead to identity theft. So how can you protect yourself from this threat?
In an ideal world, the online ads you see are trustworthy and have no malicious intent. However, that’s not always the case. Some ads, rather than promoting legitimate products or services, are designed to spread malware or commit security breaches, such as stealing users’ personal information.

These malicious ads are often cleverly disguised, making it difficult for users to tell them apart from legitimate ads and easy for them to become victims of cyberattacks.
What is malvertising?
Malvertising, a portmanteau of “malware” and “advertising,” is not simply advertising to sell malware to cybercriminals, as the name might suggest. Instead, it is a sophisticated tactic in which ads are designed to appear legitimate but actually contain dangerous threats.
These ads are often used to trick users into clicking them; they then stealthily download malware onto users’ devices or redirect users to malicious websites that collect personal information, install spyware, or carry out other cyberattacks. This is a particularly dangerous form of attack because it exploits users’ trust in reputable online platforms.
The main goal of malvertising is to infect your device with malware and steal personal information, causing serious security consequences. To achieve this, malvertising typically uses two main methods:
Malicious ads before you click: These types of ads are particularly dangerous because they don’t require any action from you, like clicking or entering information. Once your browser loads the ad, the malware hidden inside can automatically be activated, infecting your device without you even knowing.
Malicious ads after click: These ads don’t trigger themselves when your browser loads them. Instead, they entice you to click, leading you to a malicious website where the site may try to infect your device with a virus or ask you to provide personal information in a phishing attack, in an attempt to steal important data.
Note that malicious advertising is different from adware, which consists of unwanted applications designed to display advertisements to users. However, in some cases, the two can work together. Cybercriminals can deploy adware on users' computers to display malicious advertisements, combining annoyance with potential security risks.
How do malicious ads appear?
Malware, with its long history and ever-evolving forms, has become a threat that cannot be ignored in the digital world. From simple tricks that annoy users to sophisticated campaigns that scam and spread malware, malware has proven its incredible adaptability and harmfulness.
Proving that even the biggest websites aren’t immune to malicious ads, a series of ads dubbed SYS01 InfoStealer have hit Facebook users in a massive campaign. The ads are designed to trick users by promising free access to popular services and software, like Netflix and Photoshop.
However, when users click on these ads, instead of getting what they were promised, they are tricked into downloading malware that can steal personal information, damage devices, or lead to other attacks. These incidents show that even large and trusted online platforms can be targeted by malicious ads, putting unsuspecting users at risk.
While Google is considered a master at filtering out harmful ads, small "loopholes" still appear sometimes. Some ads that appear in search results may not be truly relevant, or may even be misleading.
According to CNBC, cybercriminals have taken advantage of Google's sponsored ads to scam users. They create fake ads that impersonate reputable websites or make overly attractive promises, making it easy for users to fall into the trap.
Cybercriminals are getting more and more sophisticated in creating fake search results that look exactly like legitimate websites. They invest in pushing these malicious links to the top of search results. This makes it difficult for users to distinguish between real and fake, and makes it easy for them to fall for scams.
Many social media platforms allow users to pay to increase engagement on their posts. Cybercriminals have exploited this "loophole" to promote malicious ads. They buy likes and shares to increase the credibility of malicious content, thereby defrauding and hijacking users' accounts.
Japan-based security firm Trend Micro has uncovered a sophisticated Facebook scam in which cybercriminals hijack accounts and then use them to promote fake AI photo editing apps. Once users download and install the app, the criminals gain access to and control of the victim’s device.
How to stay safe from malicious advertising online?
Although malvertising may sound sophisticated and dangerous, in reality, it often leaves some easily identifiable traces. So, to stay safe from malvertising, you need to pay attention to the signs and take the following safety measures:
The ads are too attractive
The main goal of malicious advertisers is to get as many users as possible to click on their ads. Since they don’t have a quality product or service to offer, they often make unrealistic promises and overly attractive deals to lure users in. This way, they don’t have to take responsibility for the misinformation they’ve provided.
As the SYS01 InfoStealer case shows, scammers are willing to push out extremely attractive advertisements, such as free access to Netflix and Photoshop, to attract users. These are clearly empty, sugar-coated promises meant to appeal to users' greed and hide the real purpose of stealing personal information.
Ads containing spelling and grammatical errors
Malicious ads are often hastily created and poorly thought out, so they can easily reveal flaws in language and grammar. If you notice an ad with many errors or unnatural wording, be careful because it could be a sign of malicious advertising.
Advertisements with "Unprofessional" graphic design
Unlike reputable companies that invest heavily in professional graphic design, malvertising creators often don’t have the resources to do so. As a result, malicious ads often have poor image quality, confusing layouts, or low-resolution images. This is easily noticeable to the naked eye and is a clear sign that the ad is not trustworthy.
Double check advertising information on official websites
Having doubts about a deal that seems too good to be true? Take some time to verify the information before making a decision. The easiest way is to open a new tab and go directly to the company's official website or social media channels to check the information.
If an ad claims to be from a reputable company, you should double-check the information on the company’s official website or social media channels. All advertising content should be clearly and transparently posted there. As for companies you are not familiar with, be cautious and do your research before making a decision.
Be careful when clicking on ads
We tend to click on the first link to save time, but be careful! Scammers are always looking to exploit this psychology to trick users. Given the Google malvertising incidents described above, we need to be more careful when clicking. Instead of hastily clicking on results marked as ads, take a moment to scroll down and click on the search results of reputable websites.
Use a secure web browser
We know how to avoid the risks of clicking on ads, but the dangers can still be present even before we take action. Some malicious ads can automatically launch as soon as a web page loads. To protect yourself from these threats, it is important to choose a secure and reliable web browser. Your browser will act as a solid layer of defense, helping you prevent attacks from malicious ads.
In short, in the world of online advertising full of traps, bad guys are always looking to take advantage of users' curiosity to trick them into downloading malware, viruses or other dangerous files. By equipping yourself with the necessary knowledge on how to recognize and avoid malicious ads, you can effectively protect your computer and personal data.