Malvertising
The use of seemingly legitimate online advertisements to spread malware, often executing without even clicking the ad.
Malvertising is the use of seemingly legitimate online advertisements to spread malware. Cybercriminals inject malicious code into ad networks, which then displays the infected ad on trusted, high-traffic websites (like major news outlets). The danger is that you don't even have to click the ad; often, simply visiting the webpage where the ad is displayed is enough for the malware to execute in the background, without your knowledge, in what's called a "drive-by download." While not purely an email threat, malvertising often works in tandem with email security gaps, targeting employees when they are simply browsing during a break or performing research. It can lead to the initial infection that allows criminals to start BEC or ransomware attacks. A comprehensive security posture must consider the attack surface beyond the inbox. But because email is the primary vector for communication, fortifying your email defense remains the most crucial step in preventing these initial infections.