Read this before you click on another digital ad.

Cyber criminals have used images within phishing emails for some time as a way to trick you into getting your credentials.  Click on the image of the Excel spreadsheet or PDF file and instead of opening up the document, it takes you to fake web page asking for your login info.  It works way too often.  Phishing email scams have accounted for $12 billion of fraud in just the last 5 years according to the FBI.

Now, a similar strategy is showing up in ads.  This scam used steganography.

Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography combines the Greek words meaning “covered, concealed, or protected”, and graphein meaning “writing” – Wikipedia

Click on the ad and it may launch malicious code on your device, or redirect you to a phishing site.

GeoEdge, a provider of ad security and verification solutions, first reported an increase of incidents of steganography with malicious code inserted into ad images earlier this year. It now reports the number of incidents has been growing exponentially in Q4 2018.

Experian, a multi-billion dollar global information services company had one of their ads innocently targeted with a second image, one that was not visible to the user but hidden inside the ad request which called up the embedded malicious code. Once the ad appears on a user’s desktop or phone, the malicious code is enabled. In this instance, the malicious code was an auto-redirect to a phishing site targeting U.S. users.

For publishers, beyond the lost dollars in revenue, these redirects to malicious ads cause a bad experience for site visitors who are unsuspectingly taken to sites they didn’t want where they can fall victim to phishing attacks and expose their personal and financial data such as e-mail addresses, credit card numbers, social security numbers and other information.

“The use of steganography increases the sophistication in the constantly evolving arsenal of tactics employed by malicious actors, making a detection technology solution which is updated weekly, daily and even hourly, coupled with real-time blocking, a necessity for publishers today,” says Amnon Siev, CEO of GeoEdge.

H/T MediaPost, GeoEdge