Browser notifications are not only annoying, they can also be rather dangerous, according to Kaspersky.
Data from the cybersecurity firm has revealed that, over the first three quarters of 2019, fraudulent browser push notifications have grown to a worrying level.
Between January and September of this year, the monthly number of users affected by this issue grew from 1 722 545 to 5 544 530.
While push notifications can be useful in some instances, they are also used by cybercriminals in phishing scams. In addition, they can even be used to push malicious software to a user through social engineering.
According to Kaspersky, this can be accomplished using the following methods:
- Passing subscription consent off as another action, such as a CAPTCHA
- Switching the ‘accept’ and ‘decline’ buttons on subscription alerts mid-action
- Showing notifications from phishing copies of popular websites
- Showing fraudulent subscribe pop-ups on websites
“We have seen a rise in push notifications being abused, as attackers continue to creatively adapt new technologies in order to trick users. Because this feature is so widespread and easy to take advantage of through social engineering schemes, we have seen a rapid growth in the number of affected users,” says Artemy Ovchinnikov, security researcher at Kaspersky.
The firm says that while some scams, such as clickbait advertising, are less harmful, other scams can also milk money from folks.
The more dangerous uses of browser push notifications see them being disguised as system notifications. Users are then directed to a fake website disguised as a legitimate one and then pushed to download malware.
“Push notifications are a very useful tool for users that help them stay on top of important things that interest them. Yet, as with anything on the internet, users have to remain attentive and cautious when interacting with pop-ups and only allow push notifications if they are completely sure the alerts are useful and come from trusted sources,” advises Ovchinnikov.
To avoid the risk, Kaspersky advises users to take the following steps:
- Where possible, block all subscription offers, unless they come from popular and trusted websites. Remain vigilant to ensure you are not redirected to a fake website.
- If unable to avoid an unwanted subscription, block it in the browser settings.
- Start using a reliable security solution that blocks ad and scam push subscription offers in browsers, can delete subscriptions that have already been approved, and has an anti-phishing feature.