
Websites or web publishers unknowingly incorporate a corrupted or malicious advertisement into their page. Computers can become infected pre-click and post click. It is a misconception that infection only happens when visitors begin clicking on a malvertisement. "Examples of pre-click malware include being embedded in main scripts of the page or drive-by-downloads. Malware can also auto-run, as in the case of auto redirects, where the user is automatically taken to a different site, which could be malicious. Malware can also be found in the delivery of an ad – where a clean ad that has no malware pre or post click (in its build and design) can still be infected whilst being called.

Malvertising uses numerous tactics such as an Iframe, an invisible box that can secretly navigate to other web pages.
Prevention is in being proactive while browsing the web. If you think the link is shady, it probably is, do have a look at the address box, is it HTTP or HTTPs, having the *s* certainly improves the safety of the website. Also keeping an updated virus scan installed is a good practice for protection. There are many free malware software's available on the internet which one could install.
Source: www.malwarebytes.org