Malicious advertisements: when cybercrime invests in marketing
Let’s suppose that, following loads of financial planning, you’ve finally decided to buy that new mobile phone you wanted so badly. With your accounts settled and cash in hand, you open your favorite Internet browser to search for the specific model to compare prices offered by several online stores. One, in particular, catches your eye, not only due to the attractively low price but also because it’s featured at the top of your search results.
But hang on a sec; this is a sponsored ad, that is, someone paid for exposure in the search engine. Upon entering the website, it seems well constructed and even has a security certificate. Everything indicates that it’s a reliable online store and that it really is your lucky day, having stumbled upon this limited offer, right?
Don’t be so sure. Reality just isn’t that simple and, in similar situations, many people fall victim to cyber criminals.
An inviable “ROI”
Some may find it hard to believe, but, yes, fraudsters do invest in digital marketing. Nowadays, buying ads on Internet services and social networks is a really simple task and accessible to just about anyone. You don’t even need a corporate tax number to do so. All you need to do is come up with an advert, select your target public and define the budget for your campaign. With as little as US$ 100, you can reach up to 20,000 Internet users in under two weeks.
So, why wouldn’t criminals fork out this “measly investment” considering the potential profit? Suppose just one person falls for the scam and buys a smartphone worth US$ 600 that will simply never arrive. That’s a whopping profit of US$ 580! An absurdly good return on investment, to the enviable tone of 2800%.
Billions of risky ads
Still not convinced of how many cybercriminals are investing in online advertising to boost their phishing pages and fraudulent online stores? Well, according to the 2021 Google Ads Safety Report, Google removed no less than 3.4 billion advertisements and suspended 5.6 million suspicious advertiser accounts.
And it’s not only search engines. Social networks are also regularly used to spread malicious advertisements. Due to a wider public, they are usually the favored way among fraudsters to propagate malicious adverts. While scrolling through your feed, it doesn’t take long to come across an advert copying the visual identity of a famous department store chain, which then forwards the user to a fake page.
How to avoid scams
As always, the best tip for avoiding scams is to trust in your suspicion. If something seems too good to be true, it probably is. Have you come across an online store that seems legitimate and features at the top of your search results, but is selling products at a price far below the market? Check carefully before buying to make sure the company is reputable. Never close a deal before first verifying a seller’s reputation.
When noting an advert that apparently belongs to a recognized store and it takes you straight to a product page with an “incredible offer”, use the good-old shopping cart trick. Place the product in your shopping cart as if you were going to buy it and then close the browser. Open a fresh window and visit the home page of the store in question, manually entering the URL. If the product is still in your shopping cart, it’s a legitimate promotion. If the cart’s empty, you know the page was fake, and you’ve just avoided a scam.
