It’s nearly impossible to visit a website or click on a news article without running into an advertisement. While businesses use targeted ads to introduce their products or services to potential customers, cybercriminals have found success using advertising as legitimate looking cover for phishing scams.
The danger in this malvertising lies in its ability to inject malware onto a site without ever compromising the host site’s integrity. Malicious content is typically delivered under the guise of a user prompt to install a Flash, Java, or Windows update. Users then enter personal information and deliver it directly to scammers, believing that the host site is legitimate and secure.
Malvertising’s impact is felt across both desktop and mobile platforms, and as the digital advertising space expands, so does the effort of scammers to infiltrate it. Whether you compromise customer’s data, or the reputation of your firm, being at the center of a malvertising phishing scam is inevitably bad for business. Equifax recently found this out the hard way; while they were battling their way out of one of the top 5 data breaches in history, Equifax’s website was hacked to serve malware. Joel Hruska shows exactly how users were duped here. He also explains that while certain virus scanners detected the malware, there were far more that did not. So even though Equifax is not responsible for a third party using their website as a vehicle for fraud, they are guilty for their users’ experience.
It’s important to remain vigilant of the integrity of your own site, and monitoring it regularly is a must. It’s also vital to communicate with your user base about not only what types of information you will request from them, but also what channels you’ll use. After multiple phishing scams targeted eBay customers, the company began distributing communications that clearly outlined information that eBay would never request via email or popup prompt. It also goes without saying that all employees and equipment used for company business should be running a robust and regularly updated scanner/blocker. Educating employees to exercise caution when entering personal or proprietary information is also an excellent idea.
Here is a list of tools you can use to prevent malvertising attacks at your place of business:
- Adblock Plus (A plugin for all popular browsers)
- AdBlocker Ultimate (A plugin for all popular browsers)
- AdAway (For Android OS)
- Brave (An actual browser, not just an ad blocker plugin)
If you’d like to discuss improving your current security measures, NSDS can help determine which products best suit your needs, and can work with you to install them. Contact us today by calling 978-988-0201, or by opening a ticket with our help desk at www.ns-data.com.
