If you are a business owner, or looking to become one, you are likely familiar with utilizing Facebook ads as a way to reach a wider audience and promote your products or services. While this platform has several benefits, it’s important to be cautious of the potential for ad fraud on the platform. Facebook ad fraud is a very real threat that can harm your business’s reputation and finances.
One type of ad fraud that has been on the rise is called “malverposting,” a term used to describe the use of Facebook ads to distribute malware. In a recent study by Guardio Labs, over 500,000 infections were estimated to have occurred as a result of malverposting campaigns on Facebook.
In this blog post, we’ll explore these latest developments in Facebook ad fraud and give you tips on how to protect your business from malicious attacks.
What Is Malverposting?
Malverposting involves creating ads that appear legitimate but actually contain malicious code or links to malware-infected websites. When users click on these ads, they unknowingly download malware onto their device, which can then be used to steal sensitive information or conduct other harmful activities.
This malware campaign is often transmitted through seemingly safe files like .jpg or .pdf files that are sometimes shared via Dropbox or Google Drive. Once downloaded, the malware can execute on any computer running .NET Core.
Another phishing campaign called “Ducktail” is also targeting campaign managers who own and/or manage large Facebook ad campaigns. This attack functions in the same manner as the malware does.
How Do These Attacks Affect the Victim?
Once the victim interacts with the ad, the malware will steal browser cookies from popular browsers like Chrome, Edge, Brave, and Firefox, as well as system information, eventually targeting their Facebook credentials.
“The malware directly interacts with various Facebook endpoints from the victim’s machine using the Facebook session cookie (and other security credentials that it obtains through the initial session cookie) to extract information from the victim’s Facebook account,” explains WithSecure in their report.
Once the victim’s Facebook account is compromised, the attacker can add their email addresses to the victim’s Facebook Business account(s) with full access. The attacker can then leverage the victim’s Facebook ad campaigns and accounts to run campaigns using the victim’s or their own payments.
The impact of malverposting on businesses can be significant, as it can lead to a decrease in user trust and a loss of revenue. If users become aware that your ads are spreading malware, they may be hesitant to interact with your business in the future, which could harm your reputation and ultimately your bottom line.
What Is FFDroider?
In addition to the Malverposting and Ducktail malware campaigns, a new malware called FFDroider has emerged that targets Android users and steals Facebook, Instagram, and Twitter credentials. The malware is distributed through third-party app stores and disguises itself as an update for the F-Droid app, an open-source app store for Android devices. Once downloaded, FFDroider can intercept text messages, download and install apps, and steal login credentials for Facebook, Instagram, and Twitter.
To protect your business from FFDroider and other Android malware, it is crucial to only download apps from trusted sources like the Google Play Store and to keep your device’s operating system and apps updated to the latest version.
Preventive Measures
To protect your business from malverposting and other types of ad fraud, there are several steps you can take.
- Check your Facebook ad campaign permissions regularly and remove those you don’t recognize.
- Don’t download files presented to you in Messenger or chat fields from places like LinkedIn, Facebook, or other social channels.
- Be wary of files downloaded from Facebook ads themselves. These places don’t always go through rigorous file scans to check for phishing software, though they aren’t perfect either.
- Be extra cautious with zip files, although phishing attacks can occur in other file formats as well.
- Implement two-factor authentication (2FA) on your Facebook account and any associated email addresses.
- Regularly monitor your Facebook Business account for any suspicious activity, such as new email addresses added to your account or unauthorized changes to your ad campaigns.
- Educate yourself and your team on how to identify phishing attempts and what to do if you suspect a phishing attack.
- Use tools like ClickEase to help clean up your marketing tunnels from invalid traffic.
Additionally, be vigilant about the content of your ads and avoid using clickbait or other misleading tactics that may make users more susceptible to malware. Make sure you are targeting your ads to a specific audience, as this can help reduce the likelihood of your ads being shown to users who are more likely to fall for scams.
Finally, if you suspect that your ads may be the target of ad fraud or malware, it’s important to take immediate action. This may involve contacting Facebook’s support team, conducting an investigation into the source of the fraud, or even suspending your ad campaigns temporarily to prevent further damage.
We’re In This Together
In conclusion, while Facebook ads can be a valuable tool for promoting your business, it’s important to be aware of the potential for ad fraud and take steps to protect yourself and your customers. By staying vigilant and implementing proper security measures, you can minimize the risk of malverposting and other types of ad fraud and ensure that your business remains safe and successful on the platform.
At TFNB Your Bank For Life, we believe that helping keep our customers aware of potential security threats is of utmost importance. If you have any questions, we encourage you to reach out to one of our friendly bankers.
If you have any questions or would like to know more about our banking solutions, contact us at 254-840-2836