Scam alert with woman using a laptop

Scam Alert – Malicious Online Ads Target Financial Institution Login Pages

Have you ever done this? You’re looking for your bank or credit union’s online banking login page. You don’t have it bookmarked or memorized, so you just go to the search engine search for it. Maybe you type in “Wells Fargo login”.  Enter.

Search results pop up, with two or three paid ads at the top. That first paid ad is exactly what you’re looking for, the login page for Wells Fargo! You click it, expecting to be redirected to the usual login screen.

If that ad is a malicious advertisement–or Malvertisement—then you may have just been hacked.

What is Malvertisement?

Malicious Advertising, a fun new twist to the dangers of the digital age!

Here’s how it works: scammers build realistic online ads for fake banks, government sites, digital wallets, etc. Users searching for those sites click on the false ad results. Instead of taking users to the expected page, these ads connect to malicious sites that open the door to stolen information, malware, viruses, and more.

These malvertisements aren’t just relegated to the less-popular search engines, either. Google, Bing, and DuckDuckGo have seen a growing number of malicious ads in the past year. Bank login pages, the IRS, crypto-currency wallets, social platforms, and government agencies are common targets of these ads, but they can appear on any advertisement on any site.


How to Avoid Malvertisement Scams:

  • Be wary of ads you find online, no matter where they appear.
  • Type the full address of the site you want to visit in the address bar, instead of searching for it
  • Bookmark key login pages or use your financial institution’s mobile app to access online banking
  • Even when they relate to your search, avoid clicking on paid ads at the top of search results. Scroll down and find the verified pages that match your search.
  • If you are interested in a company or product you see in an add, don’t click! Search for the company in another tab and find their real website.
  • Keep your anti-malware and firewall software up to date
  • Install an ad-blocker on your browser to avoid all online ads—malicious or otherwise
  • Make sure you use different passwords for each site, especially those with access to your finances. Use a password keeper app to track and secure these passwords.

What to do if you think you’ve been hacked

  • Use a tool like Malwarebytes to scan your device for any bad software that may have been downloaded
  • Change any passwords that may have been affected, especially banking-related passwords
  • Watch your bank statements and credit report for any unusual or suspicious activity over the next days and months. This is always a good practice.