Protection against malvertising: Strategies for companies and users against fake advertisements

Digitalization brings numerous benefits, but also brings with it a variety of threats that affect both users and companies. One of these threats is Malvertising - a method in which cybercriminals use deceptive advertisements to distribute malware or steal financial and personal information. This form of cybercrime combines two worlds: malware and advertising. Fake ads often look deceptively real, which makes them difficult to recognize at first glance. This makes it all the more important to look into this issue in detail and take appropriate protective measures.

What exactly is malvertising?

Malevertising, a short form of “Malicious Advertising”, refers to the abuse of online advertising to spread malware or redirect users to fake websites. Deceptively real advertisements are displayed that are intended to attract the user at first glance. These are often advertisements that promise particularly low prices for well-known brand products or highlight a specific service that is currently in high demand. Once the user clicks on the ad, they are redirected to a fraudulent website that attempts to download malware onto their device or obtain sensitive data such as credit card details or passwords. What makes this method so dangerous is the fact that it often takes place on seemingly legitimate platforms such as search engines or well-known websites. These advertisements are placed so cleverly that they are hardly noticeable in the midst of real advertisements.

How does malvertising work?

• Creating a Fake Ad Cybercriminals create ads that appear legitimate at first glance. These ads usually promote products or services that are in high demand and therefore attract potential victims.
• Placement of ads on reputable platforms These fake ads are then displayed on search engines such as Google or on trustworthy websites via legitimate advertising networks. This gives them an apparent credibility as users assume that ads on such large platforms are safe.
• Redirected to a fraudulent website Once the user clicks on the ad, they are redirected to a mock website that either downloads malware to their device or aims to steal personal data such as login details or credit card information. Often this is achieved through fake registration forms or payment pages.

 

Malvertising in search engines and websites

Malvertising is not just limited to search engines like Google or Bing. These fake ads can also appear on numerous websites that sell advertising space to third parties. What is particularly problematic is that these ads are often displayed next to real advertisements and are hardly distinguishable to the average user. This has far-reaching negative consequences for affected companies, as users who fall for such ads often lose trust in the brand whose product was supposedly advertised. The company on whose website the malvertising ad was displayed also loses credibility because users get the false impression that the site is unsafe or does not take enough measures to protect users.

Protective measures for companies

Companies face a major challenge here: How can they protect their brand and their customers from malvertising? There are various approaches companies can take to minimize risk.

• Using ad verification services and malware scanners An important first step is to integrate ad verification services and dedicated malware scanners. These tools automatically scan the ads displayed on your platform or on behalf of the company for potentially harmful content. These automated screening tools can often work in real time and detect malicious ads before they even appear on the site or in search engines.
• Manual ad review Although automated systems can be effective, companies should also perform manual ad review, especially for large-scale campaigns or when ads are being shown for the first time. This double protection reduces the risk of a malicious ad slipping through the net of security measures.
• Use trustworthy advertising networks Companies should ensure that they only work with established and reputable advertising networks. Open real-time advertising exchanges, where ads are served without strict verification, are particularly vulnerable to malvertising. By focusing on platforms with strict vetting procedures, companies significantly reduce risk.
• Continuous monitoring of ad campaigns Continuous monitoring of ongoing ad campaigns is also essential. Tools such as the Google Ads Transparency Center or the Bing Ad Library enable companies to track which ads are displayed in the name of their company or with their brand name. It is advisable to monitor common brand name typos, as fraudsters often intentionally use small variations in the name to deceive users.

 

Google Ads Transparency Center

The Google Ads Transparency Center was introduced to give Google users a way to learn more about the ads they are shown. This tool creates a clear overview of which advertisers are active, what type of advertising they are running and in which geographical regions their ads are being shown. Above all, it promotes better traceability and control over the advertisements presented to users. A key aspect of protecting against malvertising is the ability to more quickly identify fraudulent ads and suspicious advertisers. Through the Transparency Center, users and companies can:

• See advertiser details You can see who is behind an ad and whether the advertiser has been verified. This reduces the risk of falling for malicious or fraudulent ads.
• Report Suspicious Ads If an ad is identified as potentially dangerous, there are mechanisms in place to report it. This helps Google respond to threats and take action against malvertising more quickly.
• View historical ads The Transparency Center allows access to an advertiser’s previous ad campaigns. This provides additional security by allowing comprehensive insight into an advertiser’s activities.

This transparency represents an effective line of defense, especially when it comes to malvertising. The more information available about an ad and its sender, the easier it becomes to identify and avoid malicious ads.

Bing Ad Library

Similar to Google, Microsoft also has the Bing Ad Library created a tool that offers more transparency in the world of online advertising. The Bing Ad Library gives users insights into the ads running on Bing and other Microsoft services, promoting a deeper understanding of advertisers and their campaigns. The main goal of the Bing Ad Library is to give users and businesses the ability to search through ads and advertisers and learn about their activities. Particularly when it comes to political advertising, the library offers detailed information about which organizations are behind the ads, what content is being promoted and how much money has been invested in the campaigns. But the Bing Ad Library also makes an important contribution to general protection against malvertising.

• View current ads Users can search for ads to see what ads are being shown by specific companies or organizations. This makes it possible to identify suspicious advertisers more quickly.
• Advertiser Verification Similar to Google, Bing requires advertisers to be verified to ensure they are legitimate. This reduces the risk of malware being distributed via advertisements.
• Ability to report If users encounter suspicious ads, they can be reported via the platform. This helps Microsoft take action against malvertising and remove harmful ads.

 

Transparency tools against malvertising

Malvertising is an elusive problem because it often hides behind seemingly legitimate ads. These malicious ads can appear on high-profile websites or through advertising networks, undermining users’ trust in online advertising. Google and Bing have introduced important measures with their transparency tools to give users and advertisers more control and insight. For companies and organizations, these tools are not only a means of transparency, but also of self-defense. By regularly reviewing their own ads, companies can ensure that their campaigns are not being used for malicious purposes. At the same time, they can check whether competitors or unknown actors are running suspicious ads that have the potential for malvertising. For users, the tools offer the opportunity to be better informed and report suspicious ads before they can cause harm. Through collaboration between platforms and users, malvertising can be combated more effectively.

What users can do to protect themselves

Users shouldn’t just rely on companies when it comes to protection against malvertising. You can also actively help protect yourself.

• Be careful with sponsored ads Sponsored ads are a popular way for scammers to advertise fake products or services. Users should always be careful when they come across particularly cheap offers and not automatically click on sponsored ads. Instead, it may be safer to rely on organic search results.
• URL Verification A simple but effective protective measure is to verify the URL before entering a website. Fake websites often have slightly modified URLs that at first glance look like the original. Users should make sure that the URL is spelled correctly and does not contain any additional characters or unusual domains.
• Keep security software up to date Finally, users should ensure that they always have the latest version of their antivirus and security software installed. These programs can detect malicious websites or ads and block access before they cause harm.

Conclusion

Malvertising is a serious threat that can significantly harm not only companies but also users. Companies need to be proactive by incorporating security measures, leveraging trusted ad networks, and continually monitoring their campaigns. Users should be careful, especially with sponsored ads, and always check the URL before clicking on an ad. Through these preventative measures, both sides can help minimize the risk of malvertising.