Malvertising: Everything You Need to Know

23 January, 2020

The internet can often feel like an obstacle course of threats, especially for businesses.

With the dramatic growth in e-commerce, data storage and general internet usage, cybercriminals are heavily incentivised to find new ways of attacking individuals and organisations, stealing data, planting viruses and even holding an entire system to ransom. Malvertising is one such method.

This blog post will take you through everything you need to know about malvertising: what it is, how malverts work and how best to spot and stop them.

What is Malvertising?

Malvertising is a compound word formed from ‘Malware’ (another composite word meaning ‘Malicious Software’) and ‘Advertising’.

At its most basic level, malvertising is the act of disguising malware as advertising, enticing users to click and interact as a means of infecting their system.

Cybercriminals place malicious code or software within legitimate-looking adverts, often in the form of a pop-up. Once clicked, the software could do any number of things, none of which will benefit your business.

The true threat of malverts is that you don’t even have to click on one to get infected. You just have to visit the wrong site, and these malverts often find their way onto legitimate sites, like the New York Times and the BBC.

How does Malvertising Get Approved?

The first thing to understand when considering malvertising is the way advertising works online.

Companies often use third-party ad vendors (or ad servers) to spread their content in a way that will make the most money for their website. This can sometimes be as simple as signing up to the site and submitting an ad.

Cybercriminals exploit this by initially submitting harmless and legitimate ads to gain the trust and services of the vendor. Once the ad has been distributed, cybercriminals will switch out the legitimate content for a malvert. After a few hours, the ad will be switched back, making it seem legitimate again.

Ad servers often have lax or automated vetting processes, making it very easy for cybercriminals to slip malverts through their systems without anyone knowing.
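From the ad vendor's side, the swap-and-switch-back pattern described above only shows up if approved ads are re-fetched periodically and compared with what was vetted. The following is an added example, not code from this blog or from any ad platform; the function names, ad IDs, timestamps and ad bodies are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Finding:
    ad_id: str
    kind: str        # "swap_and_revert", "swapped" or "unvetted"
    first_seen: str  # first re-fetch that differed from the approved creative
    last_seen: str   # last re-fetch that differed

def digest(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()

def audit(approved, fetches):
    """approved: ad_id -> SHA-256 recorded at vetting time.
    fetches: (ISO-8601 UTC timestamp, ad_id, creative bytes) from periodic re-fetches."""
    history = {}
    for ts, ad_id, body in sorted(fetches, key=lambda f: f[0]):
        history.setdefault(ad_id, []).append((ts, digest(body)))
    findings = []
    for ad_id, series in history.items():
        baseline = approved.get(ad_id)
        changed = [ts for ts, h in series if h != baseline]
        if not changed:
            continue
        if baseline is None:
            kind = "unvetted"            # served without ever being vetted
        elif series[-1][1] == baseline:
            kind = "swap_and_revert"     # looks clean now; only the history shows it
        else:
            kind = "swapped"
        findings.append(Finding(ad_id, kind, changed[0], changed[-1]))
    return findings

# Constructed sample data (not real ads or domains).
CLEAN = b'<a href="https://shop.example/sale"><img src="banner.png"></a>'
SWAPPED = b'<iframe src="https://unknown.example/landing"></iframe>'
APPROVED = {"ad-101": digest(CLEAN), "ad-202": digest(b"<img src='logo.png'>")}
FETCHES = [
    ("2020-01-20T09:00:00Z", "ad-101", CLEAN),
    ("2020-01-20T13:00:00Z", "ad-101", SWAPPED),
    ("2020-01-20T15:00:00Z", "ad-101", SWAPPED),
    ("2020-01-20T18:00:00Z", "ad-101", CLEAN),
    ("2020-01-20T09:00:00Z", "ad-202", b"<img src='logo.png'>"),
    ("2020-01-20T18:00:00Z", "ad-202", b"<img src='logo.png'>"),
]

if __name__ == "__main__":
    for f in audit(APPROVED, FETCHES):
        print(f)
```

A check made only at approval time and again at the end of the day would see the same clean ad both times, which is why the re-fetch history is kept rather than just the latest result.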

How Can You Stop Malvertising?

Malverts often look legitimate, so spotting one can be tricky.

Web Woes, one of our many innovative and approachable Cyber Security Awareness training modules, helps train individuals and organisations to spot malvertising online and lists a number of tips you can use to avoid being affected by malverts. Here are just a handful of Bob’s Top Tips on how to deal with malverts online:

  • Use an ad-blocker to nullify pop-up malverts and lower your chances of being caught out.
  • Check an ad’s legitimacy by visiting the brand’s website independently. If it is a legitimate ad, then the deal or product it is offering should be available on their website.
  • Check whether the website has ‘HTTPS’ by looking to the right of the address for a padlock icon. Remember, though, that this is not a sure sign of a secure website: a malicious site can display the padlock too.
  • Don’t engage with pop-up ads.
  • Make sure all your devices are regularly updated with the latest software. Out-of-date software can quickly be exploited by a new piece of malware that it has not been updated to handle.

To learn more about Web Woes or any of our other cyber security awareness eLearning courses, click here or get in touch.
