Malvertising, the latest portmanteau from hell
OK so you know how ads work on Google, at least basically, right? You buy an ad and you make a lot of selections to help make sure your ad is showing only for your most likely buyers. A barbershop in Texas would be wasting their money advertising to me, so Google gives them tools to help narrow down who gets their ads.
A lot of people's discomfort around privacy comes from the creepy feeling we get when we see an ad that is very obviously targeting us. Looked at cars online? Enjoy those ads. Clicked on something on Facebook? You poor thing.
In the case of Google ads, the tech is so good that scammers are using them to target the most susceptible and lucrative marks, the way an experienced fisherman knows which bait to use in which spot.
Example: Malwarebytes released a report recently that said their Labs were tracking a trend where scammers were using Google ads to push fake Zoom downloads - already bad enough - to "corporate users and people interested in cryptocurrency."
Which to scammers means "potential whales," because crypto and ransomware are big money and relatively low risk.
The fact is that in 2023 malvertising went from a curio to one of the biggest social engineering threats out there.
Remember, decision-makers: of all the cybersecurity horror stories you hear, most happened because someone let the hacker in, usually by clicking on something they'll regret. Breaches like the recent Comcast announcement, which was blamed on vulnerable software, are far less common.
We can't in good conscience tell you that ad blocking software is something you should consider for your organization; for good or ill, there are many great companies that survive on ads, and ads are only one of many tools in the scammer kit. But be aware, and be wary, okay?