The holiday season represents some of the most significant sales opportunities of the year; it’s crucial for businesses to protect their revenue and stay vigilant against online scams and malicious advertising.
For many businesses, the fourth quarter represents the highest revenue potential for the year, with online shopping and ad spending at their peak. But with this opportunity comes some risk; online scams and malicious advertising also hit their highest point around this time, jeopardizing lucrative seasonal revenue. clean.io, a leading digital engagement security platform recently acquired by HUMAN security, is sharing its most valuable tips to prepare businesses for a busy fourth quarter and holiday season.
“Companies set their biggest revenue targets during the fourth quarter, and malvertising presents one of the most significant risks to meeting those goals,” said Geoff Stupay, CEO of clean.io. “For some of our clients, monthly losses were as high as 3%. But let’s not forget that malvertising also wreaks havoc on proper revenue attribution and data collection, leaving companies with an inaccurate representation about what went right and wrong during its most profitable quarter — it’s not a good way to start the new year.”
1. URL redirects are one of the most common attack vectors used by malicious advertisers. They occur when users click a compromised link on a trusted business’s website. This link reroutes visitors without their consent to an untrusted external site. Redirects are a strong indicator that malware is present and at work. While search engines have proprietary mechanisms for detecting redirects, it’s good practice for companies to have a protocol in place. Some of the most effective methods for that include:
- Using a web application firewall
- Keeping software updated as often as possible to prevent zero-day vulnerabilities
- Using an automated web scanner
- Purpose-built anti-malvertising tools like cleanAD
2. Public data shows that malvertising occurs at the highest rate on weekends and holidays, and as many as one out of every 100 ads may be vulnerable to malicious ads. Blocklisting removes known bad actors and potential threats and is an effective way to mitigate such threats. The National Security Agency issued guidance on blocking ad content to mitigate malvertising through network and host-based solutions, which include:
- Using DNS to block known ad domains
- Blocking ads at the host or endpoint level and
- Blocking ads through the use of browser extensions
3. As an e-commerce merchant, taking a proactive approach — going beyond to detect and eliminate instances of malvertising — is key to prevention. cleanAD makes malicious advertising unprofitable for bad actors by analyzing ad behavior in real time and targeting specific triggers associated with malicious activity. When cleanAD discovers such triggers, it prevents the malicious code from executing but allows ad auctions to complete and render on the page. As a result, the bad actor has paid for the ad but receives no engagement.
Malvertising, a portmanteau of the words malicious advertising, involves bad actors purchasing and submitting ads that appear normal but execute malicious activity on the publisher’s site. When clicked, those ads inject malware into a user’s device, which can obtain personal information or perform other nefarious activities through phishing or other means. It’s the business’s responsibility to provide a memorable user experience on its website, and malvertising can severely impact brand reputation.