Malvertising: Curiosity Might Kill Your Security
Most folks are curious. What happens when you combine our natural sense of curiosity with native advertisements from the dark side? Malvertising.
Whether they’re called native advertisements, online content recommendations, or content discovery, many publishers’ websites are full of placements with alluring headlines. With headlines like ‘Flight Prices You’re Not Allowed to See,’ ‘Life Insurance Companies Hate This,’ and ‘21 War Photos They Won’t Show in History Books,’ it takes strong willpower to resist the click.
But a recent tech support scam lurking behind a native advertisement highlights why it’s best to resist.
Native advertisements are produced by an advertiser with the specific intent to promote a product, while matching the form and style seen in the work of the publisher’s editorial staff. There are many forms of native ads around the web today. You can typically identify such an ad by its marking above or below the ad itself: Sponsored, Presented By, Advertisement, etc.
The most recent example of a native advertising scam abuses Taboola ads on Microsoft’s MSN.com web portal. Taboola is one of the main providers of sponsored stories on news websites, along with other providers like Revcontent and Outbrain. This particular scam serves up a fake tech support page when a user clicks on a Taboola-sponsored article. The page has the domain name 4vxadfcjdgbcmn[.]ga.
The fake tech support page claims that your computer has crashed and that you must call a number for immediate assistance. The fraudulent page cannot be closed normally because it uses code that repeats the warning indefinitely. This can alarm users and trick them into reaching out to what they think is Microsoft support. Instead, they’re presented with an extortion attempt.
Once informed of the scam, Taboola began an internal review of the vendor and addressed several questions around their malware scanning activities.
Tips to Avoid Malvertising
Curiosity can be a powerful motivator. It helps to know that scammers understand the power of curiosity and specifically prey on this tendency.
For users, there are several tips to help avoid taking the bait:
- Learn to identify native ads and sponsored content to increase your awareness and help distinguish the publisher’s content from an advertiser’s content.
- Exercise care when clicking on content – even on a trusted platform.
- If the offer is too good to be true, it probably is.
- If the news is too sensational to be true, it probably is.
For business owners, consider the following recommendations:
- Run periodic phishing simulations to keep your employees abreast of recent scam techniques. For those who take the bait, provide additional support and security awareness education.
- Evaluate websites that are known to host native advertisers, and identify those without business relevance. Add these websites to your banned website list. Teramind employee monitoring software allows you to monitor website activity, and block or limit access to certain websites.
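To support the website review recommended above, the following added example (not from the original article or any vendor) triages web proxy logs for clicks that arrive from a native ad provider and land on a domain resembling the one described earlier. The log layout, the provider referrer hostnames, the free-TLD watchlist and the name heuristic are all assumptions to adapt to your own environment.

```python
# Assumed referrer domains for the ad providers the article names.
AD_REFERRERS = ("taboola.com", "outbrain.com", "revcontent.com")
# Assumed watchlist of free-registration TLDs; tune to your own intel.
FREE_TLDS = {"ga", "tk", "ml", "cf", "gq"}

def refang(host):
    """Turn a defanged indicator such as 'name[.]ga' into a plain hostname."""
    return host.replace("[.]", ".").lower().strip(".")

def looks_generated(host, min_len=10, max_vowel_ratio=0.25):
    """Heuristic: a long second-level label containing very few vowels."""
    labels = refang(host).split(".")
    if len(labels) < 2:
        return False
    name = labels[-2]
    vowels = sum(ch in "aeiou" for ch in name)
    return len(name) >= min_len and vowels / len(name) <= max_vowel_ratio

def from_ad_network(referrer):
    ref = refang(referrer)
    return any(ref == d or ref.endswith("." + d) for d in AD_REFERRERS)

def triage(log_lines):
    """Return (user, destination, reasons) for ad-referred clicks to review."""
    findings = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue
        _ts, user, referrer, dest = fields
        if not from_ad_network(referrer):
            continue
        reasons = []
        if refang(dest).rsplit(".", 1)[-1] in FREE_TLDS:
            reasons.append("free-tld")
        if looks_generated(dest):
            reasons.append("generated-name")
        if reasons:
            findings.append((user, dest, reasons))
    return findings

# Constructed sample log: timestamp user referrer destination.
# The destination keeps the article's defanged form; real logs are not defanged.
SAMPLE_LOG = [
    "2024-01-01T09:00:00Z alice www.msn.com www.example.com",
    "2024-01-01T09:01:10Z bob trc.taboola.com 4vxadfcjdgbcmn[.]ga",
    "2024-01-01T09:02:30Z carol paid.outbrain.com travel-deals.example.com",
    "malformed line",
]
```

Calling `triage(SAMPLE_LOG)` returns only the second entry, flagged for both reasons; findings are leads for review and awareness follow-up, not proof of compromise.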
For More Information
Here’s an interesting piece that provides recommendations for the online ad industry to help eliminate scam ads (and fake news).