n our second notice during Cyber Security Awareness Month, I wanted to send a notice about one of the most common types of scams.  We've had a lot of contact from faculty/staff over the past year, and even some examples of individuals engaging with the scammers thinking they were Microsoft or some other technology company.

 

Malvertisting

What is it?

These scams start as fraudulent advertisements, often called malvertising (as in 'bad advertising' much like malware is 'bad software').  These ads may come up on legitimate websites, though the ads themselves are fraudulent.

 

Categories of scams

There are a few different categories of these but we'll focus on the two most common types.  For each, I'll list how they work and how you can protect against them.

 

Drive-by attacks:

• What is it: The most dangerous type is silent and require no user interaction. They infect a computer that has one or more vulnerabilities (most typically by having an out-of-date web browser that has unpatched vulnerabilities) and install malicious software on the computer.  This often takes no interaction from the user.
• Prevention/mitigation: Because these can come up on legitimate websites, the only real defenses against these are:
  • Up-to-date web browsers, browser extensions, and anti-malware software.
  • Ad blocking plugins (see the end of the message for more on this)

Fraudulent Tech Support Scams:

• What is it: These attacks will pop-up a message or spam email (sometimes even with an audible alarm or voice alert), or even unsolicited phone calls warning that your computer is compromised.  They tell the recipient that they have to click a link or call a number for assistance.  The message will usually claim it is from a big tech company, most commonly Microsoft, but other companies like Apple, Google, or even Best Buy's Geek Squad are examples of this.
  
  If someone engages with these criminals, one or both of the following can happen:

  • They will try to trick people into installing software that lets them remotely fix the problem.  This is of course real malware, not the fake stuff they are claiming to fix.  By trying to fix a supposed virus infection, you've actually caused one.

  • They can also try to trick people into paying a fee via credit/debit to fix the issue.  Whether or not they drain your credit card, or just take their fraudulent fee, depends on the scammer.
     
• Prevention/mitigation:
  • Using an Ad Blocking plugin (see the end of the message for more on this)
  • A healthy sense of suspicion and caution.  A pop-up like this from a website is never going to be legitimate.  A legitimate website isn't going to know whether you have malware, or system problems.  If you receive an alert like this on a college owned device, contact the Service Desk (or just restart your web browser and it will go away).
    
    Actual malware detected on college owned computers is reported to Information Technology Services for us to deal with.

An example of one of these is shown below, courtesy of Malwarebytes Labs, though the exact message text and design of these can vary greatly.

 

 

 

What is ad blocking?

These are plugins/extensions that you can add to a web browser to help block advertisements.  These don't differentiate between malicious advertisements or legitimate ones.  That is because most ad networks don't do the vetting they should to verify their ads are safe.

 

How do I get an ad blocker?

We recommend using either of the following:

• uBlock Origin (available for free from: https://ublockorigin.com/)
• Adblock Plus (available for free from: https://adblockplus.org/)

Note: These plugins are relatively easy to use on a computer.  Ad blocking on mobile devices is more complicated and (in the case of Android) often require a separate browser from the default one, like installing Firefox Mobile.

What about the ethical concerns of ad blocking?

Many websites rely on the advertisement revenue they receive.  Some even say that using sites while blocking their ads, you are effectively stealing from these sites.

I understand those concerns, I'm sure some will disagree, but I am firmly in the camp of blocking, unless the advertisement networks start cleaning up their act and ensuring that the ads are safe and non-fraudulent. 

 

What are the risks of using ad blockers?

You will often find pleas from sites, asking you to turn off your ad blocker.  There are some sites where they won't work with ad blocking on.

You will have to decide on a case-by-case basis whether you use a different site, or disable ad blocking on a per-site basis.