With the increase of 'malvertising,' cybercriminals are increasingly targeting Google searches.

• Malicious hackers are increasingly using online advertisements for malicious purposes.
• Sponsored content during search engine queries and hidden ads on mainstream websites targeting big companies like Lowe's and Slack can contain rogue ads.
• It is advised by experts to steer clear of clicking on sponsored links that appear during online searches and to ensure that your browser and operating system are up to date.

Malicious hackers are increasingly utilizing online advertisements for their nefarious activities, often targeting individuals through routine Google searches.

Malvertising incidents in the U.S. increased by 42% month-over-month in fall 2023, according to Malwarebytes. All brands are being targeted, whether for phishing or actual malware, said Jérôme Segura, senior director of research at Malwarebytes. "This is just the tip of the iceberg," he added.

Rogue ads that appear as sponsored content during search engine queries on desktops and mobile devices can contain malicious code. Some of these ads are designed to ensnare consumers who click on them, while others can harm people even if they don't click. Consumers can be vulnerable to these ads in a passive way, simply by visiting an infected site, said Erich Kron, a security awareness advocate for KnowBe4.

Malvertising can also target corporate employees, as Segura pointed out. He provided examples of recent incidents where big companies were targeted via ads for employee portals. In one case, staff members were directed to a phishing page with a Lowe's logo after clicking on a link that contained a misspelling of the company's name. This could easily confuse employees who may not know the URL for their internal website. Segura explained that seeing the brand and its logo can make employees think it's legitimate, even if it's not.

Segura discovered an impersonation scheme that aimed to trick users into downloading a fake Slack app. He initially clicked on an ad that redirected him to a price page on Slack's official website. However, he became suspicious and conducted further investigation, uncovering the fraudulent scheme.

It's not Google's fault, but don't trust it

Malvertising is not a new phenomenon, but cybercriminals are becoming increasingly sophisticated in their tactics. The ads are often so convincing that it's easy to fall for them. This problem is compounded by the fact that many people rely on Google as their primary search engine, where many of the malicious ads can be found. While Google is not responsible for the problem, it is a widely used search engine and people often let their guard down when they see something on a Google search. As Stuart Madnick, professor of information technology at MIT Sloan School of Management, puts it, "You see something appearing on a Google search, you kind of assume it is something valid."

Trusted websites can sometimes be a breeding ground for malicious ads, with both legitimate and fraudulent ones present. As Madnick put it, "It's like the post office. Does the mailman check every letter you get to make sure it's really from Publishers Clearing House?"

Be very careful about where and when you click

To safeguard themselves from malvertising, consumers can refrain from clicking on sponsored links that appear during online searches. Typically, the first ad below the sponsored one is the product they are searching for, which reduces the likelihood of encountering malicious code or a phishing attempt.

Avinash Collis, an assistant professor at Carnegie Mellon University's Heinz College, advised consumers to close the window immediately if they find themselves on a suspicious site. This will usually prevent any further issues, he said.

Kron advised consumers to exercise caution when clicking on ads they encounter on reputable websites. While they may come across ads for products at lower prices, Kron recommended against clicking and instead visiting the website of the product seller. Typically, consumers can search for special deals on the provider's site or find them highlighted on the main page of the trusted website, he said.

Cybersecurity and privacy platform BlackCloak warns against calling a telephone number listed in a sponsored ad as it could be a fake number used by cyber thieves to gain access to your computer or personal information.

Consumers should verify the authenticity of the phone number they are calling by checking official product documentation or visiting the company's website. It is important to note that conducting a web search may return results that are not affiliated with the company and could potentially lead to fraudulent phone numbers. Cybercriminals can easily pay for advertising and have the means to steal money, making it easy for them to create bait ads.

Avoid 'drive-by-downloads'

It is crucial for consumers to ensure that their computer and mobile phone operating systems and internet browsers are up-to-date.

Drive-by-downloads pose a lesser threat to individuals who regularly update their browsers and browser extensions, according to Kron.

Consumers can protect themselves from malware and ads by installing anti-malware software, ad blocker extensions, or privacy browsers on their devices.

Reporting suspicious ads to the applicable search engine for investigation and removal can help protect others from being ensnared, Collis said.

"Be cautious online as there are millions of ads and cyber thieves are persistent," advised Madnick.