Filing this as an issue for discussion since we did not have immediate consensus on a minor edit PR (and closing that PR accordingly https://github.com/w3c/AB-public/pull/49, to shift discussion here). As part of the goal of transparently admitting significant existing harms of the web, it makes sense to add “malvertising” somewhere near misinformation to the Introduction, per https://arstechnica.com/information-technology/2023/02/until-further-notice-think-twice-before-using-google-to-download-software/ for example. Note this is a "modern" (year 2000+) problem, and the term itself is clearly defined in Wikipedia: https://en.wikipedia.org/wiki/Malvertising (which we could add as a reference in the glossary as part of work on https://github.com/w3c/AB-public/issues/1).
The PR discussion had a few suggestions for how to add “malvertising” as a known harm, and they are worth considering in my opinion.
… generalize a little, for example by grouping this for instance with phishing as well. Both problems seem to be somewhat similar in that they take advantage of the web's broad reach, as well as its general (but imperfect) trustworthiness to show deceptive and harmful content to vast amounts of unsuspecting viewers, some of whom will fall for the trick and cause themselves harm in the process.
… malvertising is a harm, but I believe it should come in the "how" section - in fact, I'm not clear how we would directly be addressing malvertising. The most I'd be comfortable with here is adding the suggestion of "deceptive practices" after misinformation, but I still don't think that's an improvement.