Written by Becca Calloway

Online Ad or Scam? What to Know about “Malvertising”

Online advertising has come a long way since the early days of the internet: thanks to the magic of targeted advertising and retargeting, today’s ads are even moderately useful, at least some of the time.

For most of us, it wasn’t exactly hard to avoid clicking on garish flashing ads for things we didn’t want. But today’s ads? A lot more often they’re about things we legitimately have interest in. That can be good when it helps us learn about deals on stuff we want. But there’s a dark side, too: something called “malvertising.”

Here’s what you need to know.

What Exactly Is Malvertising?

Malvertising is a form of cyberattack that starts with an online ad — or something imitating an online ad. These ads can look like just about anything: a great deal on a pair of shoes, a free download of software that can help make your life easier, whatever.

You can probably guess where this is going: you click on the ad, and things don’t exactly go the way you think they should. Similar to how phishing schemes work, this malicious ad takes you to a fraudulent landing page where things can unravel pretty quickly.

Malvertising can get you another way, too: the worst types can even install malware on your computer without your clicking on the ad at all. This usually is only a concern if your browser or operating system is out of date, and these malvertising scams tend to pop up on seedier sites, not your everyday mainstream sites.

Three Types of Malvertising

Most malvertising attacks fall into one of three categories: scam malvertising, fake installer malvertising, and drive-by download malvertising. Here’s a quick definition for each.

  • Scam malvertising: These ads warn you about some kind of problem on your computer (like a malware infection) or an urgent need (like downloading free malware detection software). This is, of course, a scam: if you fall for it, you’ll end up downloading malware or calling a fake support line that will install it for you.
  • Fake installer malvertising: Microsoft Office for $0.99 sounds like a steal, but it probably isn’t real. This type of attack leads you to a fake landing page claiming to offer some type of legit software. But when you download and install it, you’ve actually infected your PC.
  • Drive-by download malvertising: This type tries to automatically install malware on your device just by loading the ad itself. This is the most dangerous type because you don’t even have to fall for it to get got! But it’s also the easiest to detect, so if you keep your browser and OS up to date you’re unlikely to run into this type.

How to Protect Your Business from Malvertising

Staying safe starts with education: learning to see the signs of scams like this. Just like with phishing emails, any online ad urging you to take sudden action is suspicious at best. Does the website you’re on have any way to know whether your PC is infected with malware…using an ad? Probably not.

If you do click on an advertisement, immediately check the URL’s domain. Is it the right domain for the product or service you think you’re getting? If not, then it’s almost certainly too good to be true.
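The domain check described above can be done exactly rather than by eye. The following is an added example, not part of the original article; `vendor.example`, the sample URLs, and the function names are constructed placeholders.

```python
from urllib.parse import urlsplit


def landing_host(url):
    """Return the hostname the browser would connect to, or None if absent."""
    # .hostname ignores any "user@" prefix and ":port" suffix and lowercases.
    host = urlsplit(url).hostname
    return host.rstrip(".") if host else None


def matches_expected_domain(url, expected_domain):
    """True only if the host is expected_domain itself or a subdomain of it."""
    host = landing_host(url)
    if host is None:
        return False
    expected = expected_domain.lower().rstrip(".")
    # Compare on a label boundary so "notvendor.example" does not pass.
    return host == expected or host.endswith("." + expected)


def review_click(url, expected_domain):
    """Return (verdict, reason) for a landing-page URL reached from an ad."""
    host = landing_host(url)
    if host is None:
        return ("suspicious", "URL has no hostname")
    if matches_expected_domain(url, expected_domain):
        return ("ok", f"{host} belongs to {expected_domain}")
    if expected_domain.lower() in url.lower():
        return ("suspicious", f"{expected_domain} appears in the URL, "
                              f"but the real host is {host}")
    return ("suspicious", f"{host} is not {expected_domain}")


# Constructed sample URLs; vendor.example is a placeholder brand domain.
SAMPLES = [
    "https://www.vendor.example/office/download",
    "https://vendor.example.downloads.test/office",
    "https://vendor.example@downloads.test/office",
    "https://notvendor.example/office",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", review_click(sample, "vendor.example"))
```

Only the first sample passes: in the others the expected name shows up somewhere in the address, but the host the browser actually contacts is a different domain.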

Last, keep your browser and OS up to date at all times. Old versions are insecure and may let scammy ads through.

Another strategy: set up business-grade cybersecurity tools that can stop attacks like these in their tracks. Not sure how to go about it? We can help. Reach out anytime!
