Browser push notification scams triple in 2019
Fraudulent browser push notifications as a means of delivering phishing and advertising are becoming more common, up from 1.7 million in January to 5.5 million in September this year, according to the latest Kaspersky research.
Push notifications were introduced several years ago as a useful tool to keep site visitors informed with regular updates, but today are often used to bombard people with unsolicited advertisements or encourage them to download malicious software.
User consent is needed to start sending notifications, but attackers are using a variety of tricks to get people to sign up for subscriptions. These include passing subscription consent off as another action, such as a CAPTCHA, switching the 'accept' and 'decline' buttons on subscription alerts, showing notifications from phishing copies of popular websites and showing fraudulent subscribe pop-ups on websites.
The least harmful options are clickbait ads on sensitive social topics, while others include scam notifications, such as lottery wins, offers of money in exchange for completing a survey or similar. More sophisticated scams are targeted at getting money out of users using phishing techniques. These can be disguised as system notifications, like virus infection alerts, which redirect users to phishing copies of trusted websites and then prompt users to download various paid 'PC cleaning' utilities.
"We have seen a rise in push notifications being abused, as attackers continue to creatively adapt new technologies in order to trick users," says Artemy Ovchinnikov, security researcher at Kaspersky. "Because this feature is so widespread and easy to take advantage of through social engineering schemes, we have seen a rapid growth in the number of affected users. Push notifications are a very useful tool for users that help them stay on top of important things that interest them. Yet, as with anything on the internet, users have to remain attentive and cautious when interacting with pop-ups and only allow push notifications if they are completely sure the alerts are useful and come from trusted sources."
You can read more and find tips to protect yourself on the Kaspersky Securelist blog.