Credits: Indian Express
New-age hackers are taking advantage of the convenience of browser- or app-based push notifications to inject malicious links which, when clicked, can lead to offensive or inappropriate material and, further, to viruses and malware.
The same was highlighted in the Spam and Phishing in Q3 report, which said, “Some browsers make it possible for websites to send notifications to users (for example, Push API in Chrome), and this technology has not gone unnoticed by cybercriminals.”
So how does it work? “To show push notifications, which are messages sent by app publishers that pop up on your desktop or mobile device,” a McAfee researcher said in a blog post, “website owners must utilise pop-up ads that first request permission to show notifications. Essentially, users are tricked into thinking that the request is coming from the host site instead of the pop-up.”
For instance, Chrome requests permission to enable notifications for each site. Though this is a normal request, one should be suspicious if a site states that it cannot continue loading without a click on the “yes” button, thereby forcing the user into an affirmative action.
“Having given the site permission to display notifications, many users simply forget about it, so when a pop-up message appears on the screen, they don’t always understand where it came from,” the Spam and Phishing in Q3 report said.
The user might think that it came from a trusted source. “The user might see, for instance, a ‘notification’ about a funds transfer, giveaway, or tasty offer. They all generally lead to phishing sites, online casinos, or sites with fake giveaways and paid subscriptions.”
The McAfee researcher suggested following Google’s guide to customising which sites to receive push notifications from. Use of parental controls was also recommended.
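Reviewing which sites already hold notification permission can also be scripted. The following is an added example, not code from the article or from the reports it quotes; it assumes Chrome's profile "Preferences" JSON layout (profile.content_settings.exceptions.notifications, where setting 1 means allow and 2 means block) and runs on a constructed sample.

```python
import json
from datetime import datetime, timedelta, timezone

# Assumed Chrome ContentSetting values as stored in the Preferences JSON.
ALLOW, BLOCK = 1, 2
# Chrome stores last_modified as microseconds since 1601-01-01 UTC.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def granted_notification_origins(prefs):
    """Return [(origin, granted_at or None)] for allowed sites, newest first."""
    exceptions = (prefs.get("profile", {})
                       .get("content_settings", {})
                       .get("exceptions", {})
                       .get("notifications", {}))
    rows = []
    for pattern, entry in exceptions.items():
        if not isinstance(entry, dict) or entry.get("setting") != ALLOW:
            continue  # blocked or malformed entries cannot show notifications
        origin = pattern.split(",", 1)[0]  # key format: "primary,secondary"
        try:
            when = WEBKIT_EPOCH + timedelta(microseconds=int(entry["last_modified"]))
        except (KeyError, TypeError, ValueError):
            when = None  # timestamp missing or unreadable
        rows.append((origin, when))
    # Most recent grants first; undated entries sort last.
    rows.sort(key=lambda r: r[1] or WEBKIT_EPOCH, reverse=True)
    return rows


# Constructed sample input (not taken from a real profile).
SAMPLE_PREFS = json.loads("""
{"profile": {"content_settings": {"exceptions": {"notifications": {
  "https://news.example:443,*":    {"setting": 1, "last_modified": "13250000000000000"},
  "https://prizes.example:443,*":  {"setting": 1, "last_modified": "13300000000000000"},
  "https://blocked.example:443,*": {"setting": 2, "last_modified": "13290000000000000"},
  "https://nodate.example:443,*":  {"setting": 1}
}}}}}
""")

if __name__ == "__main__":
    for origin, when in granted_notification_origins(SAMPLE_PREFS):
        stamp = when.strftime("%Y-%m-%d %H:%M UTC") if when else "unknown date"
        print(f"{origin}  (allowed since {stamp})")
```

To audit a real profile, pass the parsed contents of that profile's Preferences file instead of SAMPLE_PREFS; any origin the user does not recognise is a candidate for removal in the browser's notification settings.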