Web push notifications (also called browser push notifications) are a web browser feature that allows websites to send notifications to users regardless of which sites they have open, and sometimes even if their browsers are closed altogether! They are super-powerful and really handy, but scammers have been exploiting the feature to promote unwanted ads and scam sites, and even send out malicious links containing malware.
If you receive a notification from a malicious website and grant it the permissions it is requesting, you will start to be bombarded by notifications in the bottom right of your screen with fake alerts, messages from fake dating sites, and adverts for products that ARE ALMOST CERTAINLY SCAMS.
How malicious notifications get on websites
There are two methods that scammers use to get their malicious notifications on to websites. The first requires the exploitation of a hole in a website’s security. The security flaw allows malicious code to be injected into the site that redirects users to a malicious page. On that page, the users are then tricked into enabling the nefarious browser notifications.
The second method is a lot simpler; some websites cooperate with the scammers and willingly inject the redirection code into their sites – presumably for a fee.
Beware of websites that offer illegal content such as:
- Pirated movies
- Pirated software
- Pirated songs
- Illegal streaming
Malicious notifications are regularly found on porn sites, too.
Whenever you visit a site infected with malicious web browser notifications, you will often be randomly redirected to a page asking you to click “Allow”. The site will almost always tell you that you need to do so before you can view certain content or before you can use a certain feature of the site.
For example, on illegal streaming sites, you will often be redirected to a page containing a fake video player and asked to click on the “Allow” button before you can play the video.
How to protect yourself from browser notification scams
- Avoid visiting untrusted websites. View streaming content on reputable websites to minimize the risk that you will be targeted by these scams.
- Be wary of accepting browser notifications in general. If you don’t allow malicious sites to send notifications, they can’t send you any unsolicited notifications.
- NEVER click links or notifications from unknown sources. Use Trend Micro Check to detect scams with ease!
1. After you pin the Trend Micro Check browser extension, it will block dangerous sites for you automatically:
2. Trend Micro Check on WhatsApp:
Send a link or a screenshot of suspicious text messages to Trend Micro Check on WhatsApp for immediate scam detection:
Download Trend Micro Maximum Security for even more protection, including Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection. Gain access to the Privacy Scanner for Facebook and Twitter, Social Networking Protection, and Parental Controls, too. Click the button below to give it a try:
Clicked on a malicious browser notification? Read on!
Here’s what you need to type into your web browser’s address bar (don’t type the quotation marks):
Microsoft Edge: “edge://settings/content/notifications”
Once you’ve typed that in, hit Enter and you’ll be taken to a page where you can disable the malicious notifications.