
How AdSecure protects end users from New Year sales scams

By Giles

January 3, 2024


2023 has come and gone, and 2024 has arrived, bringing the January sales season with it. Because we have all spent more money than usual buying Christmas presents for our loved ones, we are now looking forward to the discounts. Beware, though! It is also the perfect time for Malvertisers to get extra creative with their tactics. They know that end users are most likely looking for the best possible deals and the lowest prices, which means that they might not be as alert as usual when it comes to spotting unrealistic or fake offers, creating the perfect opportunity to trick them into clicking Malicious links! Let’s have a look at the most popular eCommerce New Year sales scams and how to recognize the Red Flags that give Malvertising scams away:

The 7 most popular New Year eCommerce and scam Malvertising tactics 

Below you will find the most popular New Year sales eCommerce and scam Malvertising tactics. Malvertisers know that end users are after low prices, savings and even extra money at this time of the year. This means that most of their tactics focus on money theft, at a time of year when credit card and bank information is happily handed over online! Let's list the tactics first, and then some potential Red Flags to spot Malvertising:

#1 Fake shipping notifications: End users are most likely ordering from several different eCommerce platforms in a very short period of time, so it can be difficult to keep track of what has been ordered from where! End users will of course expect shipping updates, so there’s a high chance of shipping-related notifications being opened and links being clicked. This creates the perfect scenario for a dangerous online threat: Fake shipping notifications, which ask end users to click links and enter details in order to “verify” their information, in a Phishing attempt orchestrated to steal the end user’s money as well as their sensitive information. These notifications can be emails, text messages or phone notifications.

#2 Malicious Sponsored Links: End users search for an item on search engines and the first few links that show are Sponsored Links, at the top of the page, above organic results. Whilst most of these Sponsored Links are legitimate ads from online Advertisers and eCommerce platforms, some of them will be Malicious URLs and bad ads posing as a real service or product. For instance, an end user could be looking for a VPN and ironically end up with their device infected with Malicious APK files and Auto Downloads!

#3 New Year’s fake offers: Online offers claiming big savings can look very legit among the thousands of online discounts and sales, and will especially spark the interest of end users hoping to save some dollars. Malvertisers often create fake pages mimicking well-known brands, then offer fake promotions that require the input of personal information, with the intention of harvesting end user data. Once again, a Phishing attempt looking to steal end user money and sensitive data!

#4 Gift Cards fake receipts: Gift Cards are very popular, so Malvertisers take advantage of this by setting up scams that send end users a receipt for a Gift Card they don’t remember purchasing. The end user then proceeds to cancel the purchase, and is asked to enter personal details such as credit card information, leading to data theft or even scary Ransomware attacks!

#5 Fake lucky draws and free gifts: Nothing is free in this life! So, if you are being offered a “free” item online, like an iPad, a phone or even a free vacation out of the blue, do not trust it: If it seems too good to be true, that is because it is! These Malvertising attempts can be spread over Publisher website ads, texts, emails, pop-up notifications, etc. The aim of this online threat can be the harvesting of end user sensitive data, but also a more direct attempt at stealing their money by asking for payment in order to ship the free product. This means that the end user could be giving money away and not even receiving anything in return.

#6 Fake Surveys: Fake Surveys promise amazing cash prizes at a time when most people are keen on some extra cash, which means that they are on the rise during January. They will appear in the form of a legitimate-looking ad, especially pop-ups, and will ask for end user bank details in order to participate, leading in extreme cases to a completely empty bank account!

#7 Social Media malicious messages: Aside from the thousands of New Year greetings emails that we have been receiving since 1st January, we will all most likely end up flooded by a tsunami of social media animations, inspirational NY resolution quotes and attachments from our friends. Unfortunately, they might also be unknowingly sending us malicious links leading to threats such as Browser Locker and Scareware! Some of them could have clicked on something malicious which is now sending these messages automatically, unbeknown to them.

6 more Red Flags to spot Malvertising! How to spot New Year online threats for end users

Are you an end user wanting to learn to avoid Malvertising online threats over the January sales season, and all year round? Here are a few red flags to be aware of in order to spot bad ads:

#1 You don’t know the website or source: You need to do your research before clicking: Is the company name on this offer’s landing page a legit one? Does the link look fake? Never click on links or download attachments from unknown sources. The best way to avoid getting scammed or having your device infected is to simply make sure that you’re on a legitimate official website, social media account or email address. If anything looks dodgy, it probably is.

#2 Urgent or threatening tone: If an ad, a notification, an SMS or an email appears to be threatening or has an urgent tone, do NOT respond, and do not click. This is a common tactic used to scare you into giving away personal information that will be used to steal your identity or money! Close it immediately, and if you have an Antivirus (You should!) run it just in case.

#3 Spelling mistakes or dodgy looking email addresses: If there are any inconsistencies, poor grammar and formatting, or spelling errors, click off the website or landing page, or delete the email immediately! With emails, if they don’t look professional, for instance because they use hosting addresses that aren't the name of the company or have random letters in between the company name, run!

#4 Fishy looking security protocols: Always verify the security of a website before clicking anything. Make sure that websites are legitimate to order from and make sure that they are secure (HTTPS! Never HTTP). Also, check if they have contact details visible. If they don’t, or they ask you to give money over the phone, these are other red flags that this is not a legitimate website or company.

#5 If it seems too good to be true, it is: Emails or ads offering an amazing discount without a justified reason (Or where the reason given is very on the nose) should automatically be treated with suspicion: It’s always best to pay the expected price for a gift, because if a product’s price seems too good to be true, it probably is.

#6 Unexpected calls, emails or notifications: If you can’t remember ordering something, you most likely haven’t. So, if you get texts, calls, emails, notifications or social media messages about a parcel you weren’t expecting, again, delete them immediately. Enable a spam filter on your email account.

Below is an example of a Malicious Link detected by AdSecure with a fake lucky draw offer:

[Image: Example of a fake lucky draw Malvertising page]

As you can see, the page is poorly formatted and has poor grammar too, and it asks the end user to enter sensitive personal information, and then to call a phone number. It also asks the end user to choose an iPhone color, after which they will be redirected to a ‘sponsor’s website’. Already so many Red Flags!

[Image: AdSecure detects the fake ad campaign]

And of course, 5 vendors have already flagged this URL as Malicious (Phishing), using the AdSecure platform.

[Image: AdSecure detects the Malvertising redirection path]

And sure enough, the violations Suspicious TLD and Back Button Hijack have been detected in the page’s redirection! Along with Phishing, all in all this ‘lucky draw’ contains 3 different threats for the end user!
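The following Python check is an added example, not AdSecure's code or detection logic. It applies three of the Red Flags above (no HTTPS, a company name with extra letters in it, and a suspicious TLD) to every hop of a redirection path. The brand name, the TLD watch-list, the threshold and the sample URLs are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Illustrative assumptions, not AdSecure data: replace with your own lists.
OFFICIAL_DOMAINS = {"examplestore": "examplestore.com"}  # brand -> real domain
SUSPICIOUS_TLDS = {"top", "xyz", "click"}                # sample watch-list
MAX_EXTRA_CHARS = 3  # inserted characters that still count as a lookalike


def is_subsequence(needle: str, haystack: str) -> bool:
    """True if needle's characters appear in haystack in the same order."""
    remaining = iter(haystack)
    return all(ch in remaining for ch in needle)


def check_url(url: str) -> list[str]:
    """Return the red flags raised by a single URL."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").split(".")
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    if len(labels) < 2:
        flags.append("no-domain")
        return flags
    tld, name = labels[-1], labels[-2]
    registrable = f"{name}.{tld}"  # naive: ignores suffixes such as co.uk
    if tld in SUSPICIOUS_TLDS:
        flags.append("suspicious-tld")
    for brand, official in OFFICIAL_DOMAINS.items():
        # Brand letters present in order, on a domain that is not the real one.
        if (registrable != official and is_subsequence(brand, name)
                and len(name) - len(brand) <= MAX_EXTRA_CHARS):
            flags.append(f"lookalike:{brand}")
    return flags


def check_chain(urls: list[str]) -> dict[str, list[str]]:
    """Check every hop of a redirection path; keep only the flagged hops."""
    results = {url: check_url(url) for url in urls}
    return {url: flags for url, flags in results.items() if flags}


# Constructed redirection path for demonstration only.
SAMPLE_CHAIN = [
    "https://ads.publisher.example/click?id=1",
    "http://track.exampxlestore.top/r",
    "https://examplestore.com/sale",
]

if __name__ == "__main__":
    for url, flags in check_chain(SAMPLE_CHAIN).items():
        print(url, "->", ", ".join(flags))
```

Checking the whole path matters because the first and last hops here are clean; only the intermediate redirect raises flags.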

Conclusion: How to protect your end user from New Year’s Sales scams

If you are an Ad Network or a Publisher, it is your responsibility to keep your ad supply chain clean and safe to protect end users from online Malvertising attempts and online threats over the January sales period, and all year round. More and more online businesses not only rely on an in-house Compliance team, but also use dedicated software to automate processes, guarantee security 24/7 and avoid human error.

‘Tis the time to take ad security threats seriously! To learn more about how to stop Malvertising attempts over January and always, get in touch with us in order to get more information on AdSecure's services! Or why not sign up for a Free Trial and start protecting your end users and online business now?
