Hackers are increasingly using online ads for malicious purposes. Often, it’s happening through routine Google searches.

These schemes are dubbed malvertising, and cyber criminals are striking more often and with increased sophistication. In fall 2023, cybersecurity software firm Malwarebytes tracked a 42% increase month-over-month in malvertising incidents in the U.S. All types of brands are being targeted, whether it’s for phishing purposes or for actual malware, said Jérôme Segura, senior director of research at Malwarebytes. “What I’m seeing is just the tip of the iceberg,” he said.

Many of these rogue ads appear as sponsored content during a search engine query on a desktop or mobile device. But malicious code can also be hidden in ads that appear on mainstream websites consumers routinely visit. Some of these ads will only ensnare consumers who click on them, but in some cases, people can be vulnerable in a more passive way — sometimes just by visiting an infected site, said Erich Kron, security awareness advocate for KnowBe4, a security awareness and training company. 

Corporate employees can also be targets of malvertising, Segura said. He cited a few actual examples that were recently uncovered involving big companies. Lowe’s staff members were targeted via a Google ad for an employee portal claiming to be associated with the retailer. Clicking on the link, “myloveslife.net,” which contains a misspelling of the company’s name, took users to a phishing page with Lowe’s logo. This had the potential to confuse employees since many don’t know offhand the URL for their internal website. “You see the brand, even the official logo of that brand, and for you it’s enough to think it’s real,” Segura said.

Segura also cited an ad meant to impersonate Salesforce-owned communication tool Slack. Initially, by clicking on the ad, he was redirected to a price page on Slack’s official website. But suspecting bad actors were at play, Segura dug deeper and uncovered an impersonation ploy, which involved trying to convince unsuspecting users to download something purporting to be the Slack app.

It’s not Google’s fault, but don’t trust it

Malvertising is not new, but cybercriminals are getting smarter and the ads are often so realistic that it’s easy to be duped. The problem is exacerbated by the fact that so many people use and trust Google as a search engine, where many of the malicious ads can be found. It’s not a problem with Google, per se; malicious ads can also show up in queries using other search engines like Microsoft’s Bing. It’s just that Google is such a widely used search engine and people trust it and let their guard down. “You see something appearing on a Google search, you kind of assume it is something valid,” said Stuart Madnick, professor of information technology at MIT Sloan School of Management. 

Consumers can also fall prey to malicious ads on trusted websites they visit regularly. Many of these ads are legitimate, but some bad ones can slip through the cracks. “It’s like the post office. Does the mailman check every letter you get to make sure it’s really from Publishers Clearing House?” Madnick said.

Be very careful about where and when you click

Consumers can take steps to protect themselves against malvertising attempts. For instance, they should avoid clicking on sponsored links that come up during an internet search. Often, the first result below the sponsored one will be the product they are looking for, and since it isn’t sponsored, there’s less chance of being sidelined by malicious code or a phishing attempt.

If you do click on a sponsored link, check the URL at the top of the web page to make sure it’s really where you meant to be before taking any other actions. For example, if you’re trying to visit Gap.com, make sure you’re not really on Gaps.com. Consumers who find themselves on a suspicious site should close the window immediately, said Avinash Collis, assistant professor at Carnegie Mellon University’s Heinz College. In most cases, this will avoid further trouble, he said.
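
The URL check described above can be automated for a short list of sites you rely on. The sketch below is an added example, not part of the original article; its function names are hypothetical, and it assumes the last two host labels form the registrable domain.

```javascript
// Added example: compare the host you landed on with the domains you meant to reach.
// Assumption: the last two labels are the registrable domain (no Public Suffix List).
const OFFICIAL = ["gap.com"]; // the article's example of the intended site

// Levenshtein distance, one rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = up;
    }
  }
  return row[b.length];
}

function classifyLanding(rawUrl, official = OFFICIAL) {
  let host;
  try {
    // URL() separates any "user@" prefix: https://gap.com@gaps.com/ has host gaps.com.
    // It also converts internationalized names to their "xn--" (punycode) form.
    host = new URL(rawUrl).hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return { verdict: "invalid" };
  }
  const labels = host.split(".");
  const name = labels[labels.length - 2] || "";
  if (official.includes(labels.slice(-2).join("."))) return { verdict: "official", host };
  if (labels.some((l) => l.startsWith("xn--")))
    return { verdict: "lookalike", host, reason: "punycode label" };
  for (const domain of official) {
    const brand = domain.split(".")[0];
    // Brand placed in a subdomain of an unrelated domain, e.g. gap.com.example.net.
    if (labels.slice(0, -2).includes(brand))
      return { verdict: "lookalike", host, reason: `"${brand}" used as a subdomain` };
    const d = editDistance(name, brand);
    const limit = brand.length < 6 ? 1 : 2; // short names collide easily, so be stricter
    if (d <= limit)
      return { verdict: "lookalike", host,
        reason: d ? `${d} edit(s) from ${domain}` : `same name as ${domain}, different suffix` };
  }
  return { verdict: "unknown", host };
}

// Constructed sample URLs, not taken from any real campaign.
const SAMPLES = ["https://www.gap.com/sale", "https://gaps.com/",
  "https://gap.com@gaps.com/login", "https://gap.com.example.net/", "https://example.org/"];
for (const u of SAMPLES) console.log(u, "->", JSON.stringify(classifyLanding(u)));
```

A verdict of "unknown" only means the host does not resemble a listed domain; it says nothing about whether the site is safe.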

Consumers also need to be careful about clicking ads they see on trusted websites, Kron said. They may, for instance, see ads for products that are much lower in cost than elsewhere. But Kron recommends not clicking and instead visiting the trusted website of the product seller. Most of the time, consumers will be able to search on the provider’s site if a special deal exists, or the deal will be highlighted on the main page of the trusted website, he said.

Also avoid calling a telephone number listed in a sponsored ad because it could be a fake telephone number. If you call it, cyber thieves could gain access to your computer or your personal information, depending on the scheme, said Chris Pierson, CEO of BlackCloak, a cybersecurity and privacy platform that provides digital executive protection for corporate executives.

Consumers should make sure they are calling a number from official product documentation they have in their possession, Pierson said. Alternatively, consumers could visit the company’s home page for this information. “Doing a [web] search could return results that are not sponsored by the company and telephone numbers that are associated with cybercriminals. All it takes to get an ad out there is money and, of course, cybercriminals that are stealing money, have the ability to pay for that bait,” Pierson said. 

Avoid ‘drive-by-downloads’

Consumers should also make sure the operating system and internet browsers are up-to-date on their computer and mobile phone. 

So-called drive-by-downloads, which can impact people who merely visit a website infected with malicious code, generally rely on a vulnerability in the user’s browser. This is not as much of a threat for people who keep their browsers and browser extensions up-to-date, Kron said.

Consumers could also consider installing anti-malware software on their computer and phone. Another option is to avoid ads by installing an ad blocker extension such as uBlock Origin, a free and open-source browser extension for content filtering, including ad blocking. Some consumers may also opt to install a privacy browser such as Aloha, Brave, DuckDuckGo or Ghostery on their personal devices. Many privacy browsers have embedded ad blockers; consumers may still see sponsored ads, but they will see fewer of them, which minimizes the chances of malvertising. 

Consumers who come across suspicious ads should report them to the applicable search engine for investigation and removal if deemed malicious, Collis said. This can help protect other people from being ensnared. 

Proper safety precautions are especially important since there are millions of ads on the internet and cyber thieves are relentless. “You should assume that this could happen to you no matter how careful you are,” Madnick said.

CNBC Daily Open: Too early to fret about tech pullback?

Traders work on the floor of the New York Stock Exchange (NYSE) on November 07, 2025 in New York City.

November is historically the best month for the S&P 500, which gains an average of 1.8% during the period, according to the Stock Trader’s Almanac.

But the first full trading week of the month saw stocks caught in November rains.

The S&P 500 and Dow Jones Industrial Average each lost more than 1%, while the Nasdaq Composite shed around 3% — that’s its largest weekly loss since the tech-heavy index slumped 10% in the week ended April 4.

A few months ago, tariffs were the shadows that stalked stocks. Now, it’s fears that artificial intelligence-related stocks are trading at prices disconnected from what the firms are actually worth.

“You’ve got trillions of dollars tied up in seven stocks, for example. So, it’s inevitable, with that kind of concentration, that there will be a worry about, ‘You know, when will this bubble burst?’” CEO of DBS, Southeast Asia’s largest bank, Tan Su Shan told CNBC.

Goldman Sachs’ CEO David Solomon also thinks choppy waters might be ahead.

“It’s likely there’ll be a 10 to 20% drawdown in equity markets sometime in the next 12 to 24 months,” Solomon said Tuesday at the Global Financial Leaders’ Investment Summit in Hong Kong.

That said, a pullback isn’t necessarily bad for stocks. It could even present “buying opportunities” for investors, according to Glen Smith, chief investment officer at GDS Wealth Management.

After all, earnings have been “reassuring” despite worries about tech stocks’ high valuations, Kiran Ganesh, multi-asset strategist at UBS, told CNBC. That means the rain might not last and the rally could find a way to run a little longer.

— CNBC’s Lee Ying Shan, Hugh Leask and Lim Hui Jie contributed to this report.

What you need to know today

Major U.S. indexes were mixed Friday stateside. The S&P 500 and Dow Jones Industrial Average inched up more than 0.1%, but the Nasdaq Composite closed 0.21% lower. The pan-European Stoxx 600 lost 0.55%. U.S. futures rose Sunday evening stateside.

China consumer prices pick up in October. The consumer price index, released Sunday, showed a 0.2% growth year on year. It beats analysts’ expectations of zero growth and is the first month since June that prices rose.

U.S. government on track to end shutdown. Enough Democratic senators had agreed to vote for a deal that would fund the U.S. government through the end of January, a person familiar with the deal told CNBC.

Another missed jobs report. The ongoing U.S. government shutdown — which is now the longest ever — means the Bureau of Labor Statistics couldn’t release its monthly employment data. Here’s what economists would have expected the report to show.

[PRO] Stocks that could bounce after sell-off. Using CNBC Pro’s stock screener tool, we found several names that are oversold, according to their 14-day relative strength index. This implies they could be due for a recovery in prices.

And finally…

A global wealth boom is fueling a rise in family office imposters

Fundraisers and fraudsters are presenting themselves as family office representatives, seeking to dupe gullible investors — and then there are also imposters who are in it just for an “ego boost,” several industry veterans told CNBC.

An information vacuum seems to have encouraged imposters. In many markets, genuine single family offices, or SFOs, are exempt from registering so long as they manage only family money. That privacy norm often makes verification hard, said industry experts.

Lee Ying Shan

Too early to bet against AI trade, State Street suggests 

State Street is reiterating its bullish stance on the artificial intelligence trade despite the Nasdaq’s worst week since April.

Chief Business Officer Anna Paglia said momentum stocks still have legs because investors are reluctant to step away from the growth story that’s driven gains all year.

“How would you not want to participate in the growth of AI technology? Everybody has been waiting for the cycle to change from growth to value. I don’t think it’s happening just yet because of the momentum,” Paglia told CNBC’s “ETF Edge” earlier this week. “I don’t think the rebalancing trade is going to happen until we see a signal from the market indicating a slowdown in these big trends.”

Paglia, who has spent 25 years in the exchange-traded funds industry, sees a higher likelihood that the space will cool off early next year.

“There will be much more focus about the diversification,” she said.

Her firm manages several ETFs with exposure to the technology sector, including the SPDR NYSE Technology ETF, which has gained 38% so far this year as of Friday’s close.

The fund, however, pulled back more than 4% over the past week as investors took profits in AI-linked names. The fund’s second top holding as of Friday’s close is Palantir Technologies, according to State Street’s website. Its stock tumbled more than 11% this week after the company’s earnings report on Monday.

Despite the decline, Paglia reaffirmed her bullish tech view in a statement to CNBC later in the week.

Meanwhile, Todd Rosenbluth suggests a rotation is already starting to grip the market. He points to a renewed appetite for health-care stocks.

“The Health Care Select Sector SPDR Fund… which has been out of favor for much of the year, started a return to favor in October,” the firm’s head of research said in the same interview. “Health care tends to be a more defensive sector, so we’re watching to see if people continue to gravitate towards that as a way of diversifying away from some of those sectors like technology.”

The Health Care Select Sector SPDR Fund, which has been underperforming the technology sector this year, is up 5% since Oct. 1. It was also the second-best performing S&P 500 group this week.
