Malvertising is the Grinch that could steal your Christmas cheer – and your money. 1News explains what it is and how to avoid it.
As if Christmas shopping wasn’t stressful enough – with balancing the budget and figuring out what to buy Barry from accounting for the office Secret Santa – we must also now worry about all the ways people are trying to scam us while we’re browsing online.
There was a dramatic spike in malvertising and adware around the world during last year’s holiday shopping period, according to cybersecurity brand Norton.
Global data from Norton parent company Gen showed an increase of more than 53% in malvertising last holiday season, while adware — malicious software often distributed via malvertising — increased by 227% over the same period.
Similar scams will likely be circulating this holiday season, too.
So, what is malvertising?
Malvertising is the practice of embedding malicious code in an online ad to spread malware or redirect users to harmful sites.
Cybercriminals buy ad space from advertising networks and then submit the images that contain the malicious code.
The ads can appear on legitimate websites, including social media networks, and can infect people’s devices with malware in one of two ways – through people clicking on the infected ads or, more worryingly, simply visiting a website that has a corrupted ad on it.
The latter type of malware attack is known as a drive-by download, where an infected ad need only load on the page to harm your device.
READ MORE: What I learned from my brush with a phone scam syndicate
Clicking a malicious ad could direct people to fake websites that look legitimate and trick people into giving their personal information and credit card details. A drive-by download could install malware that operates in the background and tracks keystrokes, emails, and other information.
People can try and avoid malvertising through installing reputable ad blockers and security software, and ensuring the operating systems on their devices are regularly updated.
A Norton spokesperson told 1News it’s too early in the holiday shopping season to tell how many New Zealanders are falling victim to malvertising.
“However, it’s certainly a growing concern as online scams become increasingly sophisticated,” they said.
More New Zealanders are aware of potential shopping scams this year — and are realising they might not be able to tell which ones are scams, according to Norton’s trended data.
“In 2024, 53% of New Zealanders are concerned that their social media feed will be filled with scam ads offering goods they want, and they won’t be able to identify the scam — this is up from 48% last year,” its spokesperson said.
Fifty-one percent of New Zealanders are also worried they will be scammed while shopping online on Black Friday or Cyber Monday, up from 43% last year.
How to shop safer
New figures show Kiwis were duped out of more than $200 million last year alone. (Source: 1News)
There are several other things people should do and be aware of while shopping this holiday season, says Mark Gorrie, managing director for Norton APAC.
His tips include:
- Watch out for fake stores. Scammers can create convincing fake apps and websites, so only download apps from the Apple app store or Google Play
- Type official URLs directly into your browser and avoid clicking on shortened links or QR codes from unknown sources
- Avoid clicking on unsolicited links in texts, emails, or social media messages. If a special deal catches your eye in an ad, search for the retailer’s official site directly.
- Avoid storing credit card details on websites and share as little information as possible while shopping
- Use secure payment options such as PayPal, Apple Pay, and Google Pay
- Always shop on private networks instead of public Wi-Fi. If you must use public Wi-Fi, secure your connection with a VPN.
- If you need to use a password to shop on a site, make sure it’s not a password you use elsewhere.
Finally, Gorrie advises people to share as little personal information as possible when shopping online.
Norton’s study found two in five New Zealanders are willing to give their phone number and email for a discount of just 25% or less – and this could expose them to data risks.
“What’s particularly concerning is how the pressure to save money in a high cost-of-living environment makes people more likely to engage with suspicious deals, despite their awareness of the risks,” Gorrie said.
“Their willingness to hand over personal data – phone numbers, email addresses, and other sensitive information – to secure deals and overlook potential red flags grows and can leave them vulnerable, not only to losing personal data but also to significant financial losses.”