Malvertising Goes Legit? Sophisticated Scamming

The online world has become so established and embedded in our routines, it’s easy to forget that it’s still in many ways a wild-west frontier town where scams proliferate, bad guys lurk and justice is rough and uneven.

The SPAM mail carrying a virus is a well known foe of good Netizens. But the latest wave of shadowy schemes involves malvertising – using online display ads to disseminate destructive code. Today’s Online Media Daily details the story of a malvertiser who subscribed to the old notion that the best way to break into the house is to walk in through the front door with a smile.

A rogue group operating under the name BellasInteractive hung out its shingle as a legit ad agency based in San Jose, CA, specializing in major online media buys. Unlike some other malvertisers, their approach was slick from the website to their letters of incorporation and references.

As a result, and they were able to fool prospective clients into submitting credit card info over automated systems. As quoted in Online Media Daily:

“ClickFacts Founder-CEO, Michael Caruso estimates that at times, as much as 50% of self-service online display ads bought via a credit card can be ‘charge-backs’ due to stolen credit card numbers, which may themselves have been harvested via malware used to raid personal financial information from users.”

One source claims that the past year has seen a leap from roughly 1% of ads per site infected to between 10% and 20%.  This is largely due to how normalized our experience of online commerce has become, with social networks pulling ads from networks and a huge jump in the ability to make automated anonymous buys.

So it’s caveat emptor time out there, people – and it may be wise to revert to older ways of doing business even if that business is online advertising. No one is really watching your assets but you. The bottom line: You can’t be too careful.