Hackers are increasingly using online ads for malicious purposes. Often, it’s happening through routine Google searches.
These schemes are dubbed malvertising, and cyber criminals are striking more often and with increased sophistication. In fall 2023, cybersecurity software firm Malwarebytes tracked a 42% increase month-over-month in malvertising incidents in the U.S. All types of brands are being targeted, whether it’s for phishing purposes or for actual malware, said Jérôme Segura, senior director of research at Malwarebytes. “What I’m seeing is just the tip of the iceberg,” he said.
Many of these rogue ads appear as sponsored content during a search engine query on a desktop or mobile device. But malicious code can also be hidden in ads that appear on mainstream websites consumers routinely visit. Some of these ads will only ensnare consumers who click on them, but in some cases, people can be vulnerable in a more passive way — sometimes just by visiting an infected site, said Erich Kron, security awareness advocate for KnowBe4, a security awareness and training company.
Corporate employees can also be targets of malvertising, Segura said. He cited a few actual examples that were recently uncovered involving big companies. Lowe’s staff members were targeted via a Google ad for an employee portal claiming to be associated with the retailer. Clicking on the link, “myloveslife.net,” which contains a misspelling of the company’s name, took users to a phishing page with Lowe’s logo. This had the potential to confuse employees since many don’t know offhand the URL for their internal website. “You see the brand, even the official logo of that brand, and for you it’s enough to think it’s real,” Segura said.
Segura also cited an ad meant to impersonate Salesforce-owned communication tool Slack. Initially, by clicking on the ad, he was redirected to a price page on Slack’s official website. But suspecting bad actors were at play, Segura dug deeper and uncovered an impersonation ploy, which involved trying to convince unsuspecting users to download something purporting to be the Slack app.
It’s not Google’s fault, but don’t trust it
Malvertising is not new, but cybercriminals are getting smarter and the ads are often so realistic that it’s easy to be duped. The problem is exacerbated by the fact that so many people use and trust Google as a search engine, where many of the malicious ads can be found. It’s not a problem with Google, per se; malicious ads can also show up in queries using other search engines like Microsoft’s Bing. It’s just that Google is such a widely used search engine and people trust it and let their guard down. “You see something appearing on a Google search, you kind of assume it is something valid,” said Stuart Madnick, professor of information technology at MIT Sloan School of Management.
Consumers can also fall prey to malicious ads on trusted websites they visit regularly. Many of these ads are legitimate, but some bad ones can slip through the cracks. “It’s like the post office. Does the mailman check every letter you get to make sure it’s really from Publishers Clearing House?” Madnick said.
Be very careful about where and when you click
Consumers can take steps to protect themselves against malvertising attempts. For instance, they should avoid clicking on sponsored links that come up during an internet search. Often, the first result below the sponsored one will be the product they are looking for, and since it isn’t sponsored, there’s less chance of being sidelined by malicious code or a phishing attempt.
If you do click on a sponsored link, check the URL at the top of the web page to make sure it’s really where you meant to be before taking any other actions. For example, if you’re trying to visit Gap.com, make sure you’re not really on Gaps.com. Consumers who find themselves on a suspicious site should close the window immediately, said Avinash Collis, assistant professor at Carnegie Mellon University’s Heinz College. In most cases, this will avoid further trouble, he said.
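The URL check described above can be automated, for example in a script run over proxy logs or a link-preview tool. The following is an added example, not code from the article or from anyone quoted in it: it compares a hostname against a short list of sites the user actually intends to visit and flags near-miss spellings such as Gaps.com or the “myloveslife.net” ad cited earlier. The trusted list is constructed for illustration, and the legitimate portal domain myloweslife.com is an assumption.

```python
from urllib.parse import urlsplit

# Sites the user really means to visit. gap.com and slack.com are named in the
# article; myloweslife.com is an assumption made for this example.
TRUSTED = ("gap.com", "myloweslife.com", "slack.com")

def host_of(url):
    """Lower-cased hostname without a leading 'www.'; accepts bare domains too."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    host = host.rstrip(".")
    return host[4:] if host.startswith("www.") else host

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED):
    """Return (verdict, matched_site): 'trusted', 'lookalike' or 'unknown'."""
    host = host_of(url)
    labels = host.split(".")
    for site in trusted:
        if host == site or host.endswith("." + site):
            return ("trusted", site)
    # Naive registrable name: the label before the TLD (no public-suffix list),
    # so a swapped TLD such as .net for .com does not hide the resemblance.
    name = labels[-2] if len(labels) >= 2 else host
    for site in trusted:
        brand = site.split(".")[0]
        limit = 1 if len(brand) <= 5 else 2   # short names get a tighter limit
        # Brand used as a subdomain of another site, or a near-miss spelling.
        if brand in labels or edit_distance(name, brand) <= limit:
            return ("lookalike", site)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample URLs.
    for u in ("https://www.gap.com/", "https://gaps.com/sale", "myloveslife.net",
              "https://gap.com.account-check.example/login", "https://example.org"):
        print(u, "->", classify(u))
```

A “lookalike” verdict is a prompt to stop and verify, not proof of fraud; short brand names in particular will produce some false positives.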
Consumers also need to be careful about clicking ads they see on trusted websites, Kron said. They may, for instance, see ads for products that are much lower in cost than elsewhere. But Kron recommends not clicking and instead visiting the trusted website of the product seller. Most of the time, consumers will be able to search on the provider’s site if a special deal exists, or the deal will be highlighted on the main page of the trusted website, he said.
Also avoid calling a telephone number listed in a sponsored ad because it could be a fake telephone number. If you call it, cyber thieves could gain access to your computer or your personal information, depending on the scheme, said Chris Pierson, CEO of BlackCloak, a cybersecurity and privacy platform that provides digital executive protection for corporate executives.
Consumers should make sure they are calling a number from official product documentation they have in their possession, Pierson said. Alternatively, consumers could visit the company’s home page for this information. “Doing a [web] search could return results that are not sponsored by the company and telephone numbers that are associated with cybercriminals. All it takes to get an ad out there is money and, of course, cybercriminals that are stealing money, have the ability to pay for that bait,” Pierson said.
Avoid ‘drive-by-downloads’
Consumers should also make sure the operating system and internet browsers are up-to-date on their computer and mobile phone.
So-called drive-by-downloads, which can impact people who merely visit a website infected with malicious code, generally rely on a vulnerability in the user’s browser. This is not as much of a threat for people who keep their browsers and browser extensions up-to-date, Kron said.
Consumers could also consider installing anti-malware software on their computer and phone. Another option is to avoid ads by installing an ad blocker extension such as uBlock Origin, a free and open-source browser extension for content filtering, including ad blocking. Some consumers may also opt to install a privacy browser such as Aloha, Brave, DuckDuckGo or Ghostery on their personal devices. Many privacy browsers have embedded ad blockers; consumers may still see sponsored ads, but they will see fewer of them, which minimizes the chances of malvertising.
Consumers who come across suspicious ads should report them to the applicable search engine for investigation and removal if deemed malicious, Collis said. This can help protect other people from being ensnared.
Proper safety precautions are especially important since there are millions of ads on the internet and cyber thieves are relentless. “You should assume that this could happen to you no matter how careful you are,” Madnick said.
The Texas Instruments headquarters in Dallas, Texas, on Jan. 21, 2024.
Texas Instruments reported second-quarter results on Tuesday that beat analysts’ expectations for revenue and earnings. But the stock fell in extended trading due to a third-quarter forecast that missed estimates.
Here’s how the chipmaker did versus LSEG consensus estimates:
Earnings per share: $1.41 vs. $1.35 expected
Revenue: $4.45 billion vs. $4.36 billion expected
Texas Instruments said it expects current-quarter earnings between $1.36 and $1.60 per share, while analysts were looking for $1.50 per share. The company forecast revenue of $4.45 billion to $4.8 billion, for a midpoint of $4.625 billion. Analysts were expecting revenue of $4.59 billion.
Revenue increased 16% in the second quarter from $3.82 billion in the same period a year earlier. Sales in the company’s analog chip business, its largest, rose 18% to $3.5 billion, surpassing the StreetAccount estimate of $3.39 billion for the segment.
Net income rose 15% to $1.3 billion, or $1.41 per share, from $1.13 billion, or $1.22 per share, a year ago.
Texas Instruments is a key supplier of legacy semiconductors for automotive and industrial uses.
As of Tuesday’s close, Texas Instruments shares were up 15% for the year on broader market optimism for chips. In June, the company said it would spend $60 billion to expand chipmaking factories in Texas and Utah, a move that was praised by the Trump administration in its push to bring more technology manufacturing to the U.S.
Jeff Bezos, founder and executive chairman of Amazon, takes the stage during The New York Times’ annual DealBook Summit, at Jazz at Lincoln Center in New York City on Dec. 4, 2024.
The meeting between Trump and Bezos, one of the world’s richest men, lasted for more than an hour, according to two people familiar with the matter who asked not to be named because the conversation was private.
Amazon declined to comment on the meeting. A spokesperson for Bezos didn’t immediately respond to a request for comment.
The nature and exact timing of the visit couldn’t be learned.
A Gulfstream G700 private jet linked to Bezos landed in Dulles, Virginia, outside Washington, on July 14 before taking off the next day, according to Jack Sweeney, a programmer who tracks flight data from jets owned by Elon Musk, Bill Gates and others.
Bezos, who also owns rocket company Blue Origin, has cozied up to Trump during his second term in the White House. Trump frequently hurled insults at Bezos during his first term, largely because of the Amazon founder’s ownership of The Washington Post.
Bezos joined a swath of tech CEOs on stage at Trump’s inauguration in January after donating $1 million to his inaugural fund.
The Trump administration praised Bezos for his decision to revamp the Post’s editorial pages to focus on “personal liberties and free markets.”
In April, Trump said Bezos, who stepped down as Amazon’s CEO in 2021, was “terrific” and “a good guy” after the billionaire assured Trump that the e-commerce giant had no plans to display tariff-related surcharges on its website.
More recently, Bezos has reportedly sought to capitalize on the dramatic falling-out between Trump and Musk, who spent more than $250 million to help Trump win a second White House term and previously led the government-slashing initiative called the Department of Government Efficiency.
Bezos competes with Musk, who is the CEO of SpaceX, through Blue Origin and Project Kuiper, Amazon’s low-Earth orbit satellite internet venture.
After Trump and Musk’s relationship soured, Bezos spoke with Trump on several occasions, while Blue Origin CEO Dave Limp traveled to the White House, The Wall Street Journal reported, citing people familiar with the matter.
The conversations centered in part on government contracts, according to the Journal.
Amazon logo on a brick building exterior in San Francisco on Aug. 20, 2024.
Amazon plans to acquire wearables startup Bee AI, the company confirmed, in the latest example of tech giants doubling down on generative artificial intelligence.
Bee, based in San Francisco, makes a $49.99 wristband that appears similar to a Fitbit smartwatch. The device is equipped with AI and microphones that can listen to and analyze conversations to provide summaries, to-do lists and reminders for everyday tasks.
Bee CEO Maria de Lourdes Zollo announced in a LinkedIn post on Tuesday that the company will join Amazon.
“When we started Bee, we imagined a world where AI is truly personal, where your life is understood and enhanced by technology that learns with you,” Zollo wrote. “What began as a dream with an incredible team and community now finds a new home at Amazon.”
Amazon spokesperson Alexandra Miller confirmed the company’s plans to acquire Bee. The company declined to comment on the terms of the deal.
Amazon has introduced a flurry of AI products, including its own set of Nova models, Trainium chips, a shopping chatbot and a marketplace for third-party models called Bedrock.
The company has also overhauled its Alexa voice assistant, released more than a decade ago, with AI capabilities as Amazon looks to chip away at the success of rivals such as OpenAI’s ChatGPT, Anthropic’s Claude and Google’s Gemini.
Ring, the smart home security company owned by Amazon, has also looked to introduce generative AI in some of its products.
Amazon previously experimented in the wearables space through a health and fitness-focused product called Halo. It sunset the Halo in 2023 as part of a broader cost-cutting review.
Other tech companies have launched AI-infused consumer hardware with mixed success.
There’s the Rabbit R1, a small square gadget that costs $199 and uses an OpenAI model to answer questions, as well as the AI pin developed by Humane, which later sold to HP.
Meta’s Ray-Ban smart glasses have grown in popularity since the first version was released in 2021.
OpenAI in May acquired Jony Ive’s AI devices startup io for roughly $6.4 billion. The company reportedly plans to develop a screen-free device.