Phishing attacks are constantly evolving, and while using malvertising, or malicious advertising, to trick unsuspecting users isn’t new, it’s becoming more frequent and more brazen.

Malvertising involves placing ads on platforms like Google Ads or social media that appear to represent legitimate businesses or services.

Recent campaigns have seen scammers posing as Google, promoting their Ads platform, only to redirect users to fraudulent websites designed to steal sensitive information or serve malware that can infect your machine, or even your organisation’s network if you use a work machine.

Bait and Switch goods

Another popular use is to sell counterfeit goods or to bait and switch – that is, advertising one thing and sending you something different.

The scam is particularly effective because it exploits the trust users place in widely recognised platforms such as apps, social media and search engine results. When an ad mimics the appearance of a trusted brand or service, users may not think twice before clicking or purchasing.  

Risks for young people

A very concerning scam advertisement doing the rounds is the sale of illegal goods via social media advertising. Platforms like Instagram are being used to promote illicit products, including drugs, stolen credit cards, and counterfeit money. These ads often lead users to external sites or messaging apps where transactions occur.  

Young people are particularly vulnerable to these scams, as social media algorithms often target them with flashy, high-reward opportunities that promise quick cash or exclusive luxury goods for cheap. Ads promoting "easy side hustles," crypto investments, or luxury brand knock-offs play into the pressures of keeping up with social media-driven lifestyles.

Scammers exploit this desire, using social engineering and fake social proof to lure users into engaging with the ads. The allure of fast money can be hard to resist, especially when these ads appear alongside deepfaked influencers.

Tips to avoid falling for malvertising

Malvertising relies on deception, but you can protect yourself by staying vigilant and following these best practices:

  1. Verify the source
    Before clicking on an ad, hover over the link to preview the URL. Look for inconsistencies, unusual domain names, or subtle misspellings. When in doubt, visit the company’s official website directly by typing the URL into your browser.
  1. Be cautious with search results
    Ads often appear at the top of search engine results. While these placements can and usually do belong to legitimate businesses, they’re not guaranteed to be safe. Scrutinise any ad that feels overly urgent or offers deals that seem too good to be true.
  1. Use trusted navigation
    Instead of clicking on ads, bookmark the official websites of services you frequently use or access them through official apps. This reduces the risk of being misdirected by a fraudulent link. If you see an ad on Meta, you can also use the Meta Ad Library to check that it’s the real retailer.
  1. Enable security tools
    Many web browsers and antivirus software can detect and block malicious sites. Keep these tools up to date so that they can identify potentially harmful links or ads quickly.
  1. Report suspicious ads
    If you encounter an ad that looks fraudulent, report it to the platform hosting it. This helps protect others from falling victim and alerts the platform to potential vulnerabilities. If you get a suspicious email advertisement, report it to your organisation.
  1. Install an ad blocker
    For when you don’t want ads at all! These can be effective even when a website that you visit is infected with a malvertising pop-up, meaning you will see the website’s legit content instead of the fraudulent ads.
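
The "verify the source" check from the first tip can also be automated, for instance when triaging ad links that staff have reported. The Python below is an added example, not part of the original article; the allowlist, the character-swap table and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): official domains of services you use.
OFFICIAL = ("google.com", "instagram.com")
# Character swaps commonly used to fake a "subtle misspelling".
SWAPS = (("0", "o"), ("1", "l"), ("rn", "m"), ("vv", "w"))


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalise(text):
    """Undo the look-alike swaps so 'goog1e' compares equal to 'google'."""
    for fake, real in SWAPS:
        text = text.replace(fake, real)
    return text


def check_ad_url(url, official=OFFICIAL):
    """Return (verdict, reason) for the host an ad link really points to."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        host = ""
    if not host:
        return ("invalid", "no host found; a full URL with scheme is expected")
    if any(host == d or host.endswith("." + d) for d in official):
        return ("official", host)
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return ("suspicious", "punycode label can hide non-ASCII look-alikes")
    for domain in official:
        brand = normalise(domain.split(".")[0])
        for part in (p for label in labels for p in label.split("-")):
            cand = normalise(part)
            # Brand name, or a one-character typo of it, on a foreign domain.
            if cand == brand or (len(brand) > 3 and edit_distance(cand, brand) <= 1):
                return ("suspicious", f"imitates {domain}")
    return ("unknown", "not on the allowlist; verify before trusting")
```

A verdict of "unknown" only means the host is neither on the allowlist nor an obvious imitation of it, so the remaining tips still apply.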

Malvertising is just another example of how phishing tactics are diversifying. It highlights the importance of being critical of what you see online, whether it’s an email, a text, or a search engine ad. Apart from technical safety nets and checking links and retailers, it’s important that education on cyber safety focuses on critical thinking, digital literacy, and emotional awareness.

Remember, if something doesn’t feel right, take a step back. A little extra caution can make all the difference in protecting your personal information and money.
