Search Engine Malvertising Surges: Scammers Exploit Ad Networks to Target Consumers

Search engine advertising has become a breeding ground for sophisticated cyber scams, with malicious ads ("malvertising") showing an alarming upward trend in 2023. Recent data reveals a 42% monthly increase in US malvertising cases during fall 2023, followed by another 41% spike between July and September.

These deceptive ads are particularly dangerous in search results, where they gain an air of legitimacy by appearing alongside authentic content. Scammers strategically purchase ad space to target users searching for trusted organizations, from local government services to major retailers.

"Scammers are using the power of internet and advertising technology, which allows really immense targeting of the right victim," notes Jérôme Segura, senior director of threat intelligence at Malwarebytes. The continued investment in these schemes suggests they're generating substantial returns for cybercriminals.

The scope of the problem is massive. In 2023 alone, Google blocked or removed approximately 5.5 billion ads and suspended over 12.7 million advertiser accounts. However, attackers continue developing new methods to bypass detection systems.

Most malicious ad accounts are single-use, with 77% being discarded after one campaign. Research shows that 90% of ad fraud originates from Pakistan and Vietnam, though cybercriminals worldwide can purchase malvertising services.

These scams take various forms, from traditional phishing and credit card fraud to more sophisticated schemes like pig butchering investment scams and information-stealing malware. Even romance scams now incorporate malicious advertising techniques.

The United Nations Office on Drugs and Crime warns that malvertising poses risks to virtually all internet users, as infected ads can be distributed through legitimate advertising networks and are difficult to detect.

For consumers, the risk is particularly high when searching for popular brands and services. Researchers regularly observe malicious ads targeting searches for major companies like Walmart, Disney+, and Apple. The problem has become so severe that some companies must invest heavily in legitimate search advertising simply to protect their brand from scammers.

While search engines implement various protective measures, including clear ad labeling and fraud detection systems, the limited screen space on mobile devices can make it challenging for users to distinguish between legitimate and malicious content.