Clicking on Taboola ads leads users to a scam site

by Julie Splinters - -

Clickbaited again

Clickjacking has been a popular technique among cyber crooks

If you cannot resist the temptation of clicking on seemingly intriguing articles, then, you probably fell into the trap of malware hidden in msn.com. Though Taboola advertising platform is legitimate and you can find its commercial offers in many legitimate sites, they became the tool of clickjacking technique.

The felony was spotted on msn.com site. It suggests that Internet Explorer and Microsoft Edge users are more likely to have been affected as Microsoft Network site automatically loads in these browsers. Microsoft has been cooperating with the online advertiser already since 2006[1], thus, it is not surprising why the platform caught felons’ attention.

Like its counterparts Mgid and Revcontent, Taboola network has been promoting articles which attempt to attract users’ attention rather than provide objective and verified piece of news. Though neither of these networks is malevolent, the reliability of their promoted content has been a topic of discussion for a long time.[2]

What happens when you click on Taboola ads?

Speaking of this particular incident, users were directed to a site called 4vxadfcjdgbcmn.ga[3]. It happens to be just an ordinary sample of tech support scam. Take a look at its extract:

The server 4vxadfcjdgbcmn.ga is asking for your user name and password. The server reports that it is from Suspicious activity detected on your IP address due to harmful virus installed on your computer. Call Toll Free now +1-833-335-1333 for any assistance. Your data is at serious risk.

Needless to say that such pop-up alert is a pure scam. Users should note that Microsoft never displays such alerts nor provides phone number or email address.

Interestingly, the below statement already gives out its deceptive origin as it warns users that their entered data will be transferred via an insecure connection. Furthermore, the text suggests that a fraudster is not a native English user. Luckily, the malware has been already removed.

Security tips for the future

Bear in mind below tips to determine whether you are dealing with an online scam. You may also find this advice valuable:

  • pay attention to the domain name where a system alert pops up (scams are often displayed in redirected randomly-named pages)
  • do not enable any extensions or download apps promoted in redirected new tabs
  • install malware elimination tools to block phishing and malicious URL sites

About the author

Julie Splinters
Julie Splinters - Malware removal specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.

Contact Julie Splinters
About the company Esolutions

References


Files
Software
Compare
Like us on Facebook