Avoiding fake AI online ads and confronting malware problems

John Walker, a self-proclaimed computer geek, searched numerous sites to keep current on artificial intelligence (AI). He clicked on an online ad for AI tools on a social media site but found little information that piqued his interest. However, later that week he went online to check his bank account and discovered that his balance was wiped out. The fake AI ad had loaded malware onto his device.

This fictitious case represents a real problem that’s hitting many computer users curious about new AI software. When victims click on bogus AI ads, downloaded malware steals their personal identifying information (PII), such as usernames and passwords, bank account numbers or Social Security numbers. [See “Ads for fake AI and other software spread malicious software,” by Alvaro Puig, U.S. Federal Trade Commission (FTC) Consumer Advice, April 13, 2023.]

Some malicious ads take victims to real software but download malware through a “backdoor” so victims don’t know they were hacked. Fraudsters can also access victims’ contact lists so they can swindle others.

According to the FTC, here are ways to avoid these scams:

• Don’t click on ads to download software. Instead, type in the name of the supposed website to test its veracity.
• If you search for a supposed website address, don’t click on the top searches, possibly labeled “Ad” or “Sponsored,” because scammers often pay for those spots. Scroll way down on the list for a reliable URL.
• Malicious ads might evade antivirus software, but still ensure your device’s security software, operating system and internet browser are up to date. And turn on automatic updates to keep up with latest protections.

Avoiding the malware blues

Malicious malware is an unbelievably valuable tool for hackers. According to the FTC, in the U.S. alone, hackers racked up over $8.8 billion in profits from fraud losses in 2021 — much of it still with the use of malicious malware. (See “Consumer Sentinel Network Data Book 2022,” FTC.) And while malware attacks have been on the decline in the U.S. and Europe, these scams have increased in Latin America and the Asia-Pacific region, according to cybersecurity company SonicWall. (See “2023 SonicWall Cyber Threat Report,” SonicWall.)

Downloaded malware includes viruses, spyware and ransomware that can remain in your devices’ systems forever and rob your PII. Cybercriminals using ransomware will demand payment for encryption keys to unlock your files.

The FTC offers help in “How to Recognize, Remove, and Avoid Malware.”

Malware gets on your device when you:

• Download free stuff like illegal downloads of popular movies, TV shows or games; content available on file-sharing sites; or files on removable storage like external hard drives or thumb drives.
• Click links in fake security pop-ups sent to your computer by tech-support scammers, on ads placed by scammers on websites you visit, or on links or attachments in phishing emails.

Your device might have been infected with malware if it:

• Suddenly slows down, crashes or displays repeated error messages.
• Won’t shut down or restart.
• Won’t let you remove software.
• Serves up numerous pop-ups, inappropriate ads or ads that interfere with page content.
• Shows ads in places you typically wouldn’t see them, such as government websites.
• Shows new and unexpected toolbars or icons in your browser or on your desktop.
• Uses a new default search engine or displays new tabs or websites you didn’t open.
• Keeps changing your computer’s internet home page.
• Sends emails you didn’t write.
• Runs out of battery life more quickly than it should.

If you search for a supposed website address, don’t click on the top searches, possibly labeled ‘Ad’ or ‘Sponsored,’ because scammers often pay for those spots.

Here are additional warnings:

• If you don’t recognize a program or are prompted to install bundled software, decline the prompts or exit the installation process.
• Obtain well-known software directly from the source. Of course, sites offering lots of different browsers, PDF readers and other popular software for free are more likely to include malware.
• Pay attention to your browser’s security warnings. Many browsers come with built-in security scanners that warn you before you visit an infected webpage or download a malicious file.
• Instead of clicking on a link in an email or text message, type the URL of a trusted site directly into your browser.
• Don’t click on pop-ups or ads about your device’s performance.
• Scan USB drives and other external devices before using them because they can contain malware, especially if you use them in high-traffic places, such as photo-printing stations or on public computers.

If you search for a supposed website address, don’t click on the top searches, possibly labeled ‘Ad’ or ‘Sponsored,’ because scammers often pay for those spots.

You can remove malware by:

• Ceasing to shop, bank and doing other online activities that involve usernames, passwords or other sensitive information until you get your device cleared of any malware.
• Again, downloading the latest security software on your device and turning on automatic updates. Search online for security software recommendations on independent review sites. Carefully research options because some software that claims to be security­­­ software to protect you from malware is malware.
• Scanning your device for malware and deleting anything it identifies as a problem. You may have to restart your device for changes to take effect. Run your scan again to make sure everything is clear. If the scan shows there are no more issues, you’ve likely removed the malware.

If you haven’t resolved the issue, back up your data and visit your device manufacturer’s website to find out how to recover or reinstall the operating system (like Windows or Mac OS). Then go through the previous steps to ensure you’ve removed the malware.

If your device is still under warranty, you may be able to receive free tech support from the manufacturer. Before you seek help, write down the model and serial number of your device and the names of software you’ve installed.

Again, beware of tech-support scammers. Legitimate tech companies won’t contact you by phone, emails or texts to tell you there’s a problem with your device. Security pop-up warnings from real tech companies will never ask you to call phone numbers.

Here to help

Please use information about AI scams and malware avoidance in your outreach programs and for your family members, friends and co-workers. As part of my outreach program, please contact me if you have any questions on identity theft or cyber-related issues that you need help with or if you’d like me to research a scam and possibly include details in future columns or as feature articles.

I don’t have all the answers, but I’ll do my best to help. I might not get back to you immediately, but I’ll reply. Stay tuned!

Robert E. Holtfreter, Ph.D., CFE, is a distinguished professor of accounting and research at Central Washington University. He’s vice president of the ACFE Pacific Northwest chapter. He’s a member of the Accounting Council at the Gerson Lehrman Group, a research consulting organization, and is a member of the White Collar Crime Research Consortium Advisory Council. He’s also on the ACFE Advisory Council and the Editorial Advisory Committee. Holtfreter was the recipient of the Hubbard Award for the best Fraud Magazine feature article in 2016. Contact him at doctorh007@gmail.com.