Picture this. You’re on your smartphone, surfing Facebook and you click on this interesting article. Once the article opens, you are suddenly bombarded by popups trying to redirect you to other pages.
There’s a name for these popups. They’re called malvertisements and they can range from being mildly annoying to actually spreading dangerous malware to your devices. Let’s take a closer look at what malvertising is and how you can protect yourself from becoming a victim.
What is malvertising?
Malvertising is the practice of using online ads to carry out cybercriminals’ nefarious schemes. The hackers behind this malicious practice use the same advertising strategies as legitimate campaigns. The difference is, malvertisements will either attempt to download malware directly onto visitors’ devices or redirect visitors to websites meant to spread ransomware, viruses or other malicious programs.
How does malvertising work?
As mentioned, malvertisements are distributed in the same way as legitimate online advertisements, which is what makes this type of cybercrime especially dangerous. Hackers submit infected graphics in the hope that they aren’t identified by the advertiser as harmful. Malvertisements are often designed to elicit an emotional reaction from the viewer and include strong, compelling calls to action that encourage viewers to click.
Approved malverts are displayed on legitimate sites, where they attempt to lure unsuspecting victims into clicking through to malicious sites. Once the victim is on the malicious website, code begins running in the background in an effort to download malware onto the device in question. This process is often referred to as a “drive-by download.” Advanced malvertising is even capable of installing malware on viewers’ devices directly from the site that’s displaying the ad, without the need for any interaction.
How can you identify malvertisements?
It’s important to point out that the reliability of a website doesn’t necessarily mean it won’t contain malvertisements. In fact, over recent years, well-known and widely trusted sites such as Spotify and Forbes have been negatively impacted by malicious advertising campaigns that left many visitors infected with malware.
This is why, when it comes to malvertising, the best defense is a good offense. Being able to identify which ads are legitimate and which ones are potentially harmful is the key. But since cybercriminals are working around the clock to improve their craft, telling the difference can be challenging. The following tips should help lessen the risk of clicking on a malicious ad. Avoid ads that:
- Do not look like they were professionally designed
- Contain spelling or grammatical errors
- Seem too good to be true (e.g. ads that promise miraculous cures)
- Do not match your normal or recent browsing behavior or search history
Malvertisement Best Practices
In addition to being more aware of what red flags might indicate a malicious ad, there are also a number of other tactics that, when used together, can strengthen your personal security against malvertisement threats.
- Use ad blockers.
- Perform searches for what you’re looking for rather than clicking on ads.
- Stay up to date on the latest malvertising trends.
- Run anti-virus and/or anti-malware on your devices.
As long as unsuspecting victims continue to fall for them, malvertisements won’t be going away anytime soon. Getting educated and being vigilant can dramatically reduce the risks associated with malvertising, which will keep your devices and your data safe from harm.
What about you? Have you ever experienced malvertising? What steps are you taking to avoid becoming a victim again?