[Scam Alert] Browser Notification Scams

    Browser Notification Scam

    Web push notifications (also called browser push notifications) are a web browser feature that allows websites to send notifications to users regardless of which sites they have open, and sometimes even if their browsers are closed altogether! They are super-powerful and really handy, but scammers have been exploiting the feature to promote unwanted ads and scam sites, and even send out malicious links containing malware.

    If you receive a notification from a malicious website and grant it the permissions it is requesting, you will start to be bombarded by notifications in the bottom right of your screen with fake alerts, messages from fake dating sites, and adverts for products that ARE ALMOST CERTAINLY SCAMS.

    Notification_0914_
    Examples of fake notifications
    Notification_0914_
    Examples of fake notifications

    How malicious notifications get on websites

    There are two methods that scammers use to get their malicious notifications on to websites. The first requires the exploitation of a hole in a website’s security. The security flaw allows malicious code to be injected into the site that redirects users to a malicious page. On that page, the users are then tricked into enabling the nefarious browser notifications.

    The second method is a lot simpler; some websites cooperate with the scammers and willingly inject the redirection code into their sites – presumably for a fee.

    Beware of websites that offer illegal content such as:

    • Pirated movies
    • Pirated software
    • Pirated songs
    • Illegal streaming

    Malicious notifications are regularly found on porn sites, too.

    Whenever you visit a site infected with malicious web browser notifications, you will often be randomly redirected to a page asking you to click “Allow”. The site will almost always tell you that you need to do so before you can view certain content or before you can use a certain feature of the site.

    For example, on illegal streaming sites, you will often be redirected to a page containing a fake video player and asked to click on the “Allow” button before you can play the video.

    Notification_0914_3

    How to protect yourself from browser notification scams

    • Avoid visiting untrusted websites. View streaming content on reputable websites to minimize the risk that you will be targeted by these scams.
    • Be wary of accepting browser notifications in general. If you don’t allow malicious sites to send notifications, they can’t send you any unsolicited notifications.
    • NEVER click links or notifications from unknown sources. Use Trend Micro ScamCheck to detect scams with ease!

    1. After you pin the ScamCheck browser extension, it will block dangerous sites for you automatically:

    Spot the Scam_TMC_0730

    2. ScamCheck on WhatsApp:
    Send a link or a screenshot of suspicious text messages to ScamCheck on WhatsApp for immediate scam detection:

    Download Trend Micro Maximum Security for even more protection, including Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection. Gain access to the Privacy Scanner for Facebook and Twitter, Social Networking Protection, and Parental Controls, too. Click the button below to give it a try:

    Clicked on a malicious browser notification? Read on!

    Here’s what you need to type into your web browser’s address bar (don’t type the quotation marks):

    Chrome: “chrome://settings/content/notifications”
    Firefox: “about:preferences#privacy”
    Microsoft Edge: “edge://settings/content/notifications”

    Once you’ve typed that in, hit Enter and you’ll be taken to a page where you can disable the malicious notifications.

    Post a comment

    Your email address won't be shown publicly.

    0 Comments

      This website uses cookies for website functionality, traffic analytics, personalization, social media functionality and advertising. Our Cookie Notice provides more information and explains how to amend your cookie settings.