Phishing Notifications: Part 1

Click Here For Part 2

So, I was doing a Service-IT for one of our clients and a couple of notifications popped up on the right-hand side of the screen whilst I was running a Hard Disk check. Those seem legit; all you do is click on them, right?

Yeah… they’re not legit.

Firstly, the client I was working with wasn’t subscribed to any of Norton AV’s products. The pop up is just trying to get that click.
The second one is pretending to be a helpful article but if either of these pop-ups are clicked on, they will not provide the useful information they imply but instead open your computer to virus infections. Even without that, they are spam; no-one really wants things interrupting their work by randomly popping up.

If you’re seeing a notification like this, it means that at some point a malicious website has tricked someone using the computer into subscribing to its push notifications, granting the malicious site the ability to send notification spam directly to your desktop or phone. The messages that are displayed can vary, as can the web address.

See the tiny font ‘Google Chrome’ in the screenshots? That shows which browser it is coming from.

Edge and Firefox are just as vulnerable to this as Chrome, however. The malicious sites exploit a feature that web browsers have, which is intended to enable users to receive notification from sites they frequent or use on a regular basis. Usually, this feature makes life easier but malicious sites use it to trick people into granting them access to their computer by posing as something benign.

These are just a few of the false error messages that some malicious sites will display to trick you into clicking the “Allow” button:

  • Type Allow to verify that you are not a robot
  • Click Allow to watch the video
  • Download is ready. Click Allow to download your file
  • Press Allow to verify that you are not a robot

So that’s what can happen, but can we prevent it? Yes! Our follow-up article will be explaining how you can check what’s going on and get these troublesome things off your computer without also losing the genuinely useful ones put in place by legit sites.

Phishing Notifications: Part 2

One Comment

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.