Blog | G5 Cyber Security

Ads Stealing Passwords?

G5 Cyber Security

TL;DR

It’s unlikely ads directly ‘read’ your passwords, but they can be used to trick you or exploit vulnerabilities in your browser. Keep software updated, use strong unique passwords, and consider ad blockers for extra safety.

How Ads Could Potentially See Your Passwords

  1. Malicious Advertising (Malvertising): This is the biggest risk. Criminals pay to show ads that contain harmful code. When these ads load on a webpage, they can try to install malware on your computer or phone.
    • What it does: Malware could steal passwords saved in your browser, track what you type (a keylogger), or redirect you to fake websites.
    • How to protect yourself: Keep your operating system and web browser up-to-date. These updates often include security fixes that block malvertising attacks.
  2. Cross-Site Scripting (XSS) Vulnerabilities: If a website has poor security, malicious code can be injected into the ads it displays.
    • What it does: XSS allows attackers to run scripts in your browser when you visit the vulnerable website. These scripts could potentially access information on that page, including passwords if they are visible (though this is rare).
    • How to protect yourself: This isn’t something *you* can directly fix. It relies on websites having good security practices. Use reputable websites and report suspicious activity.
  3. Tracking Pixels & Fingerprinting (Less Direct): Ads often use tracking pixels and browser fingerprinting to collect information about you.
    • What it does: While they won’t see your actual password, they can build a profile of your browsing habits. This profile could be used in phishing attacks that are more likely to trick you.
    • How to protect yourself: Use privacy-focused browsers or browser extensions (see step 5).

Steps to Protect Yourself

  1. Keep Your Software Updated: This is the most important thing you can do.
    • Web Browser: Chrome, Firefox, Safari, Edge – all need regular updates. Check your browser settings for update options (usually under ‘About’ or ‘Help’).
    • Operating System: Windows, macOS, Android, iOS – keep these updated too!
  2. Use Strong, Unique Passwords: Don’t reuse passwords across different websites.
    • Password Manager: Consider using a password manager (like LastPass, 1Password, or Bitwarden) to generate and store strong passwords for you.
  3. Enable Two-Factor Authentication (2FA): Adds an extra layer of security.
    • How it works: Even if someone steals your password, they’ll also need a code from your phone or another device.
  4. Be Careful What You Click: Phishing attacks often look like legitimate websites.
    • Check the URL: Make sure the website address is correct and uses ‘https://’.
    • Don’t enter passwords on unfamiliar sites.
  5. Consider an Ad Blocker & Privacy Extensions: These can block malicious ads and tracking.
    • Ad Blockers: uBlock Origin, AdGuard are popular choices.
    • Privacy Extensions: Privacy Badger, Ghostery help block trackers.

Checking for Malware (If You’re Worried)

If you suspect your computer is infected with malware:

  1. Run a Scan: Use a reputable antivirus program to scan your system. Windows Defender (built-in to Windows) is a good starting point. 
    # Example command for Windows Defender scan from the command line
    mpcmdrun -scan -scanType 3
  2. Browser Extensions: Check your browser extensions and remove any you don’t recognize or trust.
Exit mobile version