If you're reading this article on a mobile device, and you're interrupted by an ad suggesting you've won a $1,000 Amazon gift card, I have some good news and some bad news.
The bad news first: You haven't really won a gift card. Or an Apple iPhone X, or a Samsung Galaxy S8, as some of the other versions of these spam ads promise.
The good news: We know what's causing the issue (well, I think we do), and it's not that your phone is infected with a virus. We also know how to reset your mobile browser settings to make it go away.
I'm guessing you've probably had one of these malicious ads pop up at some point. If you haven't, count your blessings, but you probably will. Because in recent months, we've seen them on many different sites.
Earlier this year, Vox, and more recently, RollCall.com, analyzed them after their readers reported seeing them. In short, the spam ads involve malicious code being inserted into the software that virtually all publisher websites use in order to run programmatic advertising--basically, fast-loading (in theory) automated ads.
Vox summarized what happens effectively. The ad serving experience starts out as it's supposed to, and takes no more than a few seconds. A publisher's website alerts its ad server that it has space available on a newly loaded page (like the one you're looking at). Within seconds, or fractions of a second, the software manages automated bids that advertisers make for that space. However, as Vox explained:
"Unbeknownst to our ad server or the publisher of the article, one of the ads that loaded on the page [in a case where the spam ads pop up] contained malicious code. Once that ad was loaded, the code triggered the popup that I mentioned above, and when you clicked to dismiss it, it redirected you to the site."
It's not your fault; you didn't click on anything you shouldn't have, and it's very unlikely that your phone has been hacked, as far as we know. The malicious hacking all happened on the advertiser's side. (But keep it that way: don't click on strange links.)
That said, it's disconcerting and annoying, and the ads sometimes will keep popping up. So here's how RollCall.com's team advises to clear your cookies, cache, and browser history on Apple and Android phones, which should make it all go away.
iPhone or iPad (using Safari)
1. Go to Settings from the home screen, and then click Safari.
2. Scroll down to Advanced. Tap that, and then tap Website Data.
3. From there, scroll down and tap, Remove All Website Data, and confirm that you want to delete all data.
iPhone or iPad (using Chrome)
1. Open Chrome, then tap on the triple dot menu.
2. Click on History, and then click Clear Browsing Data.
3. You can choose from among clearing Browsing History; Cookies, Site Data; Cached Images and Files. Then hit Clear Browsing Data at the bottom.
Android (using Chrome)
1. Open Chrome, then tap the triple dot menu.
2. Go to Settings, and then Privacy.
3. Then hit Clear Browsing Data, which will be the big button at the bottom.
Like a lot in the hacking world, this is an arms race. Malicious coders will devise a way to interfere with your browsing, publishers will combat it as best they can, and coders will come up with something else.
But for now, at least, these kinds of ads don't seem to pose a significant problem--beyond the annoyance of having to reset your browser, and maybe do it all over again the next time they pop up.