From Clicks to Cyber Attacks: Navigating the Digital Risks of Advertising

Authored by  Hariom Seth, Founder, Tagglabs

Digital advertising has made possible for brands to be at the top of the mind of their target customers in the digital landscape. Ads placed on various websites lead to brand recognition of the company. These ads are cost effective and give measurable results. However, cyberattackers can use them to perpetrate online fraud. So while a customer might be intrigued by an ad of a new designer bag on a fashion blog, cyberattackers might steal the customers bank details the moment he/she clicks on the digital advertisement. There are various ways digital advertising can be exploited to cause harm to a customer. 

1. Phishing - attackers embed legitimate looking, but fake branded ads only to syphon personal information of the customer or download malware after the ad has been clicked.
2. Malvertising - In this practice attackers embed malicious code in legitimate ads that download malware/adware on the customers PC once the ad has been clicked. These ads are displayed to all visitors on the website leaving each one of them at risk. On clicking the ad the malicious code within the ad instals malware, adware or redirects the customers to another website that uses social engineering to cause financial loss to the customer.  This can lead to serious damage to the brand's reputation by harming the customer and the brand.
3. DoS attacks - attackers use automated ads to overload the ad server thereby exhausting available capacity and slowing down the ad network leading to denial-of-service. This leads to the website being shut down and thus denying access to users who might actually be interested in visiting the website. 
4. Magecart attacks - they take advantage of vulnerabilities of third party ad scripts. They inject malicious code in e-commerce websites that skims credit/debit card details of the customer and causes financial loss. British airways had suffered from a magecart attack that caused financial loss to its customers and ruined its brand image.
5. Data breaches - Majority of companies use digital marketing to advertise their brand. Advertisers have a treasure trove of customer Data. This data is collected via search history, purchase habits etc. Which if not secured properly can lead to multiple cyber attacks eventually causing identity theft.
6. Social engineering - Authentic looking ads promoting a particular investment or donation for a cause which is false can fool website visitors into not just sharing their bank details but actually transferring money to the fraudsters bank account. 

Cyber attackers have been uping the ante when it comes to developing newer tactics to use ads for fraud. In such cases big and small advertising companies are equally affected. Here are some examples to demonstrate the same. 

1. The largest digital advertising platform, Google ads has been attacked by automated bots that click on ads without genuine interest in the ad shown thereby wasting the advertisers ad budget. Google therefore developed sophisticated algorithms to detect IP addresses, and click patterns to differentiate between human and bots.
2. Websites like The New york times, AOL, NFL and BBC had their ad spce hijacked by malicious ads that would install ransomware to the computers of the user. This was done by exploiting the vulnerability in Microsoft’s silverlight which was discontinued in 2013.

While some ads can indeed be dangerous for the viewer, there a red flags that can be spotted in order to avoid being scammed. Here are some ways customers can safeguard themselves from risky advertisements.

1. Using ad blockers - while some website are dependent on showing ads for their revenue, a reputed ad blocker can reduce your risk of exposure to malicious ads.
2. Healthy skepticism - look for typos, promises too good to be true, poor grammar. These ads can be fraudulent and should be avoided. There are fake ads that display text such as ‘your PC is infected’ or  featuring celebrities endorsing unknown brands. In such cases one must always double check for the legitimacy of the ad.
3. Updating the browser - popular browsers like safari or google chrome can detect website from databases for malicious sites phishing for personal information. As fraudulent new websites keep emerging it is good to update browsers regularly.
4. Reporting suspicious ads - One of the best things a vigilant user can do is to many browsers and social media platforms have a feature to report suspicious ads. This helps these platform keep a chack on suspicious websites and ads that can harm their users.

 The world wide web is a wonderful place with endless knowledge. However, it is equally important to safeguard oneself while exploring this vast sea of information. Digital ads might seem tempting and force one to explore various new brands and products. However, it is best to stay vigilant and avoid financial pitfalls. One must remember that the battle against online fraud is and ongoing and evolving process and one must stay vigilant while exploring the web.

DISCLAIMER: The views expressed are solely of the author and Adgully.com does not necessarily subscribe to it.