Malvertising, the practice of using online ads for malicious purposes, is on the rise, with incidents in the U.S. spiking by 42 per cent in fall 2023, according to cybersecurity firm Malwarebytes. Hackers are leveraging increasingly sophisticated techniques to trick users into clicking on ads that install malware or lead to phishing scams.
Jérôme Segura, senior director of research at Malwarebytes, warns that this surge is “just the tip of the iceberg,” as more companies and individuals fall victim to such attacks.
Many of these fraudulent ads appear as sponsored content during routine Google searches, posing as legitimate brands or services. Some only ensnare consumers who click on them, but others can exploit vulnerabilities, infecting users merely by visiting an infected site.
Even corporate employees are being targeted, as hackers prey on their trust in internal portals. For example, hackers recently created a fake Google ad impersonating Lowe’s, which misled employees into entering a phishing page disguised as the retailer’s employee portal.
While Google and other search engines like Bing are not responsible for these attacks, their widespread use and high level of consumer trust make them prime targets for cybercriminals.
According to Stuart Madnick, a professor at MIT Sloan School of Management, users often let their guard down, believing that anything appearing in a Google search is safe.
To mitigate the risk of malvertising, cybersecurity experts recommend users avoid clicking on sponsored links and double-check URLs before proceeding.
Keeping browsers up-to-date is crucial to avoid drive-by downloads, a method that installs malware simply by visiting a compromised website.
Chris Pierson, CEO of BlackCloak, urges consumers to be wary of phone numbers from ads, as scammers could hijack them.
He advises verifying numbers directly from company websites or official documentation.
Installing anti-malware software and using privacy browsers or ad blockers can also protect consumers from malicious ads.
Reporting suspicious ads helps reduce the spread of malvertising, but Madnick reminds users to stay vigilant, adding, “You should assume that this could happen to you no matter how careful you are.”
