“What if Christmas, he thought, doesn’t come from a store. What if Christmas … perhaps … means a little bit more!” – The Grinch, How the Grinch Stole Christmas
Merry Christmas! The shopping frenzy has begun, and with it comes an uptick in malvertising.
Malvertising is the use of online ads for malicious purposes. Cybercriminals no longer need to know your email address, login credentials, or anything else. Instead, they are attempting to fool you into clicking on a search result that looks legitimate.
Malwarebytes explains: Malvertising is not malware itself. Instead, it’s a sneaky process of placing malware, viruses, or other cyber infections on a person’s computer, tablet, or smart phone. The malware that eventually slips onto a person’s device comes in many varieties, but cybercriminals tend to favor malware that can steal a person’s login credentials and information. With this newly stolen information, cybercriminals can then pry into sensitive online accounts that belong to the victim. (https://www.malwarebytes.com/blog/news/2024/02/malvertising-this-cyberthreat-isnt-on-the-dark-web-its-on-google)
This is how it happens: Cybercriminals create ads that look legitimate, but when you click the link, they take you to a malicious website. Nothing on the malicious site indicates that you should “RUN!” Instead, it looks and feels like the real thing. When you click, you get the infection.
Unfortunately, these ads are embedded in the Google search results. They are also showing up on mainstream websites like Lowe’s and Slack.
Over the Thanksgiving holiday I was reading an article about the best gadgets to give as Christmas gifts this year. Several of them were interesting and I clicked. Fortunately for me, Avast Antivirus software closed several of the sites before I had a chance to click on anything.
Besides a quality antivirus, there are other tricks to limit your exposure. Next time you google something, notice the results. At the top of the list are “SPONSORED” results. You have to pay to be listed as a sponsored link. It’s interesting to me that cybercriminals are good at business. They promote their shenanigans the same way a legit business would. Never click a sponsored link. Anything that is listed in the Sponsored section is typically listed again below the sponsored section. Open the site from an unsponsored link.
If you do click a sponsored link, check the web address once you get there. And check it carefully! Is it spelled correctly? Is it plural when it should be singular?
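The address check described above, written out as a short Python script. This is an added example, not part of the original post: the shop name gadgetshop.test, the sample addresses and the function names are made up for illustration, and it assumes a simple one-part ending such as .com.

```python
from urllib.parse import urlsplit

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_landing_url(url, expected_domain):
    """Compare the host of the page you landed on with the domain you expected."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()
    if host == expected or host.endswith("." + expected):
        return "match"                      # the real site or one of its subdomains
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "lookalike-characters"       # non-Latin letters can imitate Latin ones
    # Assumption: the site name is the second-to-last label (fine for .com-style
    # endings, not for two-part endings such as .co.uk).
    name = labels[-2] if len(labels) >= 2 else host
    want = expected.split(".")[-2]
    if name == want:
        return "different-ending"           # right name, wrong ending
    if name in (want + "s", want + "es") or want in (name + "s", name + "es"):
        return "plural-mismatch"            # plural when it should be singular
    if edit_distance(name, want) <= 2:
        return "misspelled"                 # one or two letters off
    if want in labels[:-2]:
        return "brand-as-subdomain"         # real name glued onto someone else's site
    return "unrelated"

# Constructed sample addresses (none of these are real sites).
SAMPLES = [
    "https://www.gadgetshop.test/deals",
    "https://gadgetshops.test/",
    "https://gadgetshpo.test/",
    "https://gadgetshop.example/",
    "https://gadgetshop.test.deals.example/sale",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{check_landing_url(url, 'gadgetshop.test'):22} {url}")
```

Anything other than "match" means the address in the bar is not the site you meant to visit, so close the tab and open the site from an unsponsored link.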
Just because you trust a site doesn’t mean you can trust the ads on the site. The ads are placed by a service that typically has nothing to do with the host site itself. Avoid the eye candy! That is easier when you use an ad-blocking browser like DuckDuckGo (https://duckduckgo.com) or Brave (https://brave.com). You can also install ad-blocking extensions like Adblock Plus (https://adblockplus.org).
The goal this year is to spread Good Cheer—not malware! And taking my cue from television which replays the same Christmas Specials it has been showing for the past 60+ years, I’m replaying my favorite Christmas play in the box below.
Stay Safe & Merry Christmas!
Janet