Stop Falling For Fake Ads

They’re unsolicited, unverified…you don’t even know if they are who they say they are. So why do you keep clicking?

So many consumers are so reckless online. They’ll click on anything that gets their attention. An unsolicited text from “FedEx,” asking them to click on the tracking link for a package they never ordered. A “Facebook friend” notification from a friend who is already a Facebook friend. They never stop to think that’s NOT FedEx. That’s NOT your Facebook friend. It’s an impostor working to install malware on your computer and steal your personal information.

The latest online scam is no different.

The Federal Trade Commission (FTC) issued this alert about cyber thieves posting ads for fake artificial intelligence (AI) or other bogus software on Google and social media platforms. “If you click on a malicious ad, you end up on a cloned site that downloads malware onto your device,” wrote Alvaro Puig, consumer education specialist for the FTC. “Then the criminals can steal your information and sell it to other hackers on the dark web, or get access to your online accounts and scam others.”

It’s a simple rule, and it goes for all ads via email, text, search engine or social media: don’t click on anything you can’t verify, especially if it is unsolicited. Just because it appears on your Instagram feed doesn’t mean it’s for you. It doesn’t even mean it’s real.

Yet this “malvertising” has cost consumers and businesses between $6.5-19 billion, according to an eMarketer report linked in this 2022 comparitech post. The post also credited a report by Cyber Security Ventures, predicting these fake software ads could cost victims up to $10.5 TRILLION by the end of 2025.

So I ask again: why do you keep clicking?

Justine Kurtz of WEBROOT wrote in this blog that you keep clicking because of urgency and familiarity.

“By tapping into our own personal sense of urgency, cybercriminals are able to manipulate us in subtle ways that we may not realize until it is too late,” wrote Kurtz. “Hackers often use cleverly disguised email handles and targeted messaging, known as ‘spear phishing,’ to create a sense of trust and familiarity. This makes links appear more legitimate and makes us perceive the link as less risky.”

That’s why the Facebook friend clones scam works so well. That’s why you click on the link in that text that claims it’s from FedEx to track a non-existent package. FAMILIARITY.

But just because it appears to be your Facebook friend…just because it looks like FedEx…doesn’t mean it IS.

“We’ve been telling people this for years,” said Lee Cooper, owner of Cooper Systems, your #WiseChoice for computer sales and repair in Memphis. “If you don’t know who you’re dealing with, it’s best not to deal with them. If it is unsolicited and suggested by some ad, start your own investigation and initiate your own contact with a verified software or hardware vendor. You have to be discerning about who you give your personal information to.”

Cooper said our tendency to fall for these fake AI ads makes us more vulnerable to what he calls brute force attacks. “Brute force attacks involve systematically trying every possible combination of characters until the correct password is found,” Cooper wrote in the Cooper Systems Digital Insights blog. “Powerful AI systems can execute these attacks rapidly, emphasizing the importance of effectively securing online accounts for both individuals and organizations.”

Speaking of organizations, that comparitech post cited an Accenture security report that said employees are the main cause of cyberattacks on businesses large and small, whether by accident or intentional. Drayton Mayers, cybersecurity expert and owner of #WiseChoice IT support provider TeamLogic IT Memphis, said businesses have until June 9 to meet the provisions of the new FTC Safeguards Rule.

“Failure to do so may include heavy fines and perhaps even jail time if the company is breached and your personal and identifiable information is leaked,” said Mayers. “Bottom line, practice zero trust and good cyber hygiene. Follow the FTC’s instructions to remove malware or to recover a hacked account.”

The FTC recommended these tips to avoid clicking on fake ads that install malware:

• Never click on ANY ad to download software. If you see an ad that interests you, don’t click on it. Instead, verify the source. Find the legitimate company’s website.
• If you don’t know the website, search for it, but do NOT click on a search engine ad of the alleged site. “They’ll appear at the top of your search results page and might have a label that says ‘Ad’ or ‘Sponsored.’ Scroll past those to get to your search results,” said Puig.
• Make sure your computer’s security software, operating system, web browser and your phone are updated. Turn on automatic updates to keep up with the latest protections.

Maybe it’s an ad on your Instagram feed. Maybe it’s a Facebook notification claiming you “violated standards.” Maybe it’s a text or email, requesting that you click on a link to track a package or maintain a service.

Resist the urge to click. Each time. EVERY time. Verify the contact is real.

And remember: not every contact online is who they say they are.

Copyright 2023 Wise ChoicesTM. All rights reserved.