Malvertising: Everything you need to know

31 January, 2024

As 2024 begins, we're already facing fresh computer and data security challenges - primarily due to advancing AI technology.

It’s safe to say that cyber attacks are growing more innovative and more personal.

While some attack types, like phishing, are increasingly well known, there are other attack types which fly under the radar.

Malvertising is just one example of the latter. According to, every day in 2023, there were 300,000 new malware cases; most were spread through emails and took an average of 49 days to notice.

But what do you need to know about malvertising? Let’s dig in.

What is Malvertising?

Malvertising is a compound word formed from ‘Malware’ (another composite word meaning ‘Malicious Software’) and ‘Advertising’.

Malvertising is the act of disguising malware within advertising and enticing users to click or interact with it so that their system becomes infected. Simply put, it means using advertising to get users to download viruses.

Cybercriminals place malicious code or software within legitimate-looking adverts, often as a pop-up.

Once clicked, the software could do any number of things, none of which will benefit your business.

The true threat of malverts is that you don’t even have to click on one to get infected. You just have to visit the wrong site.

How does Malvertising get approved?

Companies often use third-party ad vendors (or ad servers) to spread their content in a way that will make the most money for their websites.

Placing an ad with one of these vendors can be as simple as signing up to the site and submitting it.

Cybercriminals exploit this by initially submitting harmless and legitimate ads to gain the trust and services of the vendor.

Once the ad has been distributed, cybercriminals will switch out the legitimate content for a malvert.

After a few hours, the ad will be switched back, making it seem legitimate again.

Ad servers often have lax or automated vetting processes, making it very easy for cybercriminals to slip malverts through their systems without anyone knowing.
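For ad vendors and publishers, the swap-and-revert pattern described above means a single check at approval time is not enough: the content being served has to be re-fetched and compared against what was approved. The following is an added example, not code from this article's author, and the function name, sample ad markup and timestamps are all constructed for illustration.

```python
import hashlib
from datetime import datetime

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

def find_swap_windows(approved: bytes, snapshots):
    """Return the periods during which the served ad differed from the approved one.

    snapshots: (ISO-8601 timestamp, served bytes) pairs from periodic re-fetches.
    """
    baseline = digest(approved)
    windows, open_win = [], None
    for ts, content in sorted(snapshots, key=lambda s: s[0]):
        d = digest(content)
        if open_win and d != open_win["digest"]:
            # Content changed again: close the window and note whether it went back.
            start = datetime.fromisoformat(open_win["started"])
            open_win["ended"] = ts
            open_win["hours"] = (datetime.fromisoformat(ts) - start).total_seconds() / 3600
            open_win["reverted"] = d == baseline
            windows.append(open_win)
            open_win = None
        if d != baseline and open_win is None:
            open_win = {"started": ts, "ended": None, "hours": None,
                        "reverted": False, "digest": d}
    if open_win:
        windows.append(open_win)  # still serving unapproved content
    return windows

# Constructed sample data (placeholder markup, not real ad content).
APPROVED = b'<a href="https://shop.example/sale"><img src="banner.png"></a>'
SWAPPED = b'<a href="https://unvetted.example/landing"><img src="banner.png"></a>'
SNAPSHOTS = [
    ("2024-01-10T09:00", APPROVED),
    ("2024-01-10T12:00", APPROVED),
    ("2024-01-10T15:00", SWAPPED),   # content replaced after approval
    ("2024-01-10T18:00", SWAPPED),
    ("2024-01-10T21:00", APPROVED),  # switched back a few hours later
    ("2024-01-11T00:00", APPROVED),
]

if __name__ == "__main__":
    for window in find_swap_windows(APPROVED, SNAPSHOTS):
        print(window)
```

A reviewer who looked only at the first and last snapshots would see the approved ad both times; the six-hour window shows up only because the content was sampled in between.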

You might have come across a malvertising scam today without even realising it.

These cunning scams can appear on legitimate websites, including the BBC, often as display ad campaigns.

Do you recall any recent adverts you've seen alongside an article online?

It's not to say they were all scams, but this highlights how these threats cleverly hide in plain sight.

Without awareness, a simple click out of curiosity could lead you into a trap!

How to spot Malvertising

Malverts often look legitimate, so spotting one can be tricky.

5 signs of malvertising

  1. Unexpected pop-ups: If you see pop-ups on a website where they usually don’t appear, be wary. Malvertising often uses pop-up ads to trick users into clicking on them.
  2. Ads that look out of place: Pay attention to ads that don’t fit the website’s usual style or content. An ad that looks odd or out of context might be a malvertisement.
  3. Offers that are too good to be true: Beware of ads that offer incredible deals or prizes. If an ad promises something that seems too good to be true, it probably is.
  4. Ads that prompt immediate action: Malvertising often tries to create a sense of urgency, like a limited-time offer or a warning about a virus on your device. If an ad urges you to act quickly, take a moment to think before you click.
  5. Poor ad quality: Look for signs of low quality in ads, such as misspellings, poor graphics, or awkward wording. Professional and legitimate ads usually have a high quality standard, so lower quality can be a red flag.

How can you protect your business from Malvertising scams?

Protecting your business from malvertising requires a mix of smart technology and raising employee awareness.

It’s not just about having the right tools; it’s also about creating a culture of security awareness within your organisation.

Implement Ad Blockers

Use ad blockers on your business's devices. This can prevent many malverts from appearing, reducing the risk of accidental clicks.

Regularly update software

Ensure that all software, especially web browsers and operating systems, is kept up to date. Cybercriminals often exploit vulnerabilities in outdated software.

Educate your employees

Make sure your staff are aware of the risks of malvertising. Regular training on cybersecurity best practices can be invaluable.

Use reliable security software

Invest in reputable antivirus and anti-malware software. This software can often detect and block malicious activity, including malvertising threats.

Back up your data

Regularly back up important business data. In the event of a malware attack, having backups can prevent data loss and facilitate a quicker recovery.

How Bob's Business can help your organisation

At Bob's Business, we help educate and empower your employees to spot cyber threats such as malvertising through our engaging eLearning modules, such as 'Internet Safety'.

This module trains individuals and organisations in spotting malvertising online and offers practical tips to prevent falling victim to malverts.

Alongside this, we provide up-to-date insights, expert support, interactive learning tools, and customised solutions to ensure your business has the knowledge and resources to stay secure online.

Get in touch with us today to explore our cybersecurity training courses.
