While most people now regularly watch for suspicious emails from scammers posing as trusted contacts or corporations, savvy cybercriminals have turned to a new avenue to commit fraud: fake push notifications.
WHAT ARE PUSH NOTIFICATIONS?
Push notifications are alerts that pop up on devices to attract attention. They are small dialog boxes (i.e., windows) that usually appear in the upper right-hand corner of your PC or laptop screen or at the top of a smartphone screen, informing you of something new from a site, app, or service.
Examples of these types of notifications include an alert for a sale at your favorite online store, an announcement that a new email or WhatsApp message has arrived, a reminder prompting you to update your software, or the publication of a recent article on a news outlet website.
Fraudulent push notifications were first reported as a phishing tactic in 2019, with one attack using push notifications designed to look as though they originated from Google Chrome. Since then, fraudsters have leveraged the logos of trusted companies to create fake notifications, encouraging users to click on what they think is a safe link. Attackers also use security flaws in trusted apps to send “real” push notifications that carry dangerous links or encourage users to share personal information.
HOW TO PROTECT YOURSELF
1. Scrutinize All Notifications
For one, smartphone and computer users should scrutinize all notifications. If you receive a notification from a company you have not interacted with in the past, it could be fraudulent. Do not click on it.
Of course, the notification might not be fake, as it is a common practice for companies to sell their customer lists to other companies that then send messages to those customers. Further, some websites automatically opt users in to receive push notifications even though explicit authorization was not granted.
In short, use your judgment when evaluating the legitimacy of push notifications, and don’t be so quick to click on them. It is best to err on the side of caution.
2. Use Strong Passwords and Update Antivirus Software
Be sure to take protective measures online by using strong passwords, changing them often, and installing and updating antivirus software.
3. Review Device Settings – Especially Notifications
It’s prudent to regularly review the settings on your PC/laptop and smartphone, including notifications. Think of it as a notifications audit. Be sure to check your browser and smartphone settings to determine what notifications are turned on. Disable those that look unfamiliar and those for services you no longer use.
One way to avoid fraudulent push notifications is to turn off notifications altogether or limit notifications to only apps you wish to hear from regularly.
A “spring cleaning” of push notifications can go a long way toward staying safe and secure online.
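For readers comfortable with a script, the notifications audit described above can be run against a desktop browser's saved permissions. The following is an added example, not part of the original article: it assumes the Chromium-style `Preferences` JSON layout (`profile.content_settings.exceptions.notifications`), uses a constructed sample instead of a real profile, and the `audit_notifications` function and `still_used` list are hypothetical names.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of a Chromium "Preferences" file (assumed layout).
SAMPLE_PREFERENCES = json.loads("""
{"profile": {"content_settings": {"exceptions": {"notifications": {
  "https://mail.example.com:443,*":     {"last_modified": "13350000000000000", "setting": 1},
  "https://shop.example.net:443,*":     {"last_modified": "13300000000000000", "setting": 1},
  "https://unknown-site.example:443,*": {"last_modified": "13360000000000000", "setting": 1},
  "https://ads.example.org:443,*":      {"last_modified": "13310000000000000", "setting": 2}
}}}}}
""")

SETTING_NAMES = {1: "allow", 2: "block", 3: "ask"}  # Chromium ContentSetting values
CHROME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def audit_notifications(prefs, still_used):
    """Return (origin, granted_on, verdict) for each site allowed to send notifications.

    still_used is the set of hostnames the user still wants alerts from (hypothetical input).
    """
    entries = (prefs.get("profile", {}).get("content_settings", {})
                    .get("exceptions", {}).get("notifications", {}))
    report = []
    for pattern, meta in entries.items():
        if SETTING_NAMES.get(meta.get("setting")) != "allow":
            continue  # blocked or ask-first sites cannot push alerts
        origin = pattern.split(",")[0]  # drop the ",*" secondary pattern
        # last_modified is stored as microseconds since 1601-01-01 UTC
        micros = int(meta.get("last_modified", "0"))
        granted = (CHROME_EPOCH + timedelta(microseconds=micros)).date().isoformat()
        host = origin.split("://", 1)[-1].rsplit(":", 1)[0]
        verdict = "keep" if host in still_used else "review/disable"
        report.append((origin, granted, verdict))
    # Most recently granted first: new, unfamiliar grants deserve the first look.
    return sorted(report, key=lambda row: row[1], reverse=True)

if __name__ == "__main__":
    for row in audit_notifications(SAMPLE_PREFERENCES, {"mail.example.com"}):
        print(*row, sep="  ")
```

Anything marked `review/disable` is a candidate for removal in the browser's notification settings.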