Tuesday, July 4, 2023

Abusive Web Notifications

Adam Engst:

These attempts to phish you by notification are malware, plain and simple—the form known as adware. The alerts try to trick users into visiting a fake website and entering login credentials or credit card information to facilitate identity theft, just like a phishing attempt via email. Attempting to eliminate the notifications by running anti-malware apps like Malwarebytes, DetectX Swift, or VirusBarrier won’t work.


Unlike regular malware, notification adware doesn’t require an infection, so anti-malware software has nothing to find or remove. Instead, notification adware exploits the capability of Web browsers to let websites display system-level notifications just like native apps. No one would intentionally sign up for adware notifications, of course, but websites can—and increasingly do—ask users if they’d like to receive notifications.

There are also fake notifications that appear within the browser window and look like system notifications—but usually using the design of a few years ago. These will show up without any prompting and are good at tricking people, in my experience.


Comments RSS · Twitter · Mastodon

Leave a Comment