Tuesday, November 26, 2019

Kaspersky reports that fraudulent browser push notifications as a means of phishing and advertising are gaining popularity

Kaspersky research revealed that the monthly number of affected users has grown from 1,722,545 in January to 5,544,530 in September 2019. In total, during the first nine months of 2019, Kaspersky products protected more than 14 million users from attempts to allow websites to show unwanted notifications. Given that essentially every web user is a potential victim, this threat, although unsophisticated, requires additional attention.



Browser push notifications were introduced several years ago as a useful tool that kept readers informed with regular updates, but they are often used to bombard website visitors with unsolicited advertisements or even encourage them to download malicious software. 


The detected options include passing subscription consent off as another action, such as a CAPTCHA; switching the “accept” and “decline” buttons on subscription alerts mid-action; showing notifications from phishing copies of popular websites; and showing fraudulent subscribe pop-ups on websites.


Useful, user-friendly features, such as push notifications, are easy-to-use instruments for scams based on social engineering techniques, and therefore their growing popularity is not entirely unexpected. In light of the recent calendar invitations scam detected by Kaspersky, the company’s experts decided to dive deeper into push notification scams and phishing to find out how this tool can be abused.



Since a user’s consent is required in order to start sending notifications, attackers have come up with multiple, often out-of-the-box ways to trick and force people to sign up for subscriptions. 


To avoid receiving annoying notifications or scam ads, users can where possible, block all subscription offers, unless they come from popular and trusted websites, and be vigilant to ensure that they are not redirected to a fake website. If the user is unable to avoid an unwanted subscription, block it in the browser settings.


Adoption of a reliable security solution, like Kaspersky Security Cloud, which blocks ad and scam push subscription offers in browsers, can delete subscriptions that have already been approved, and has an anti-phishing feature.

No comments:

Post a Comment

Masimo secures FDA clearance for neonatal RD SET Pulse Oximetry sensors with improved accuracy specifications

Masimo announced that RD SET sensors with Masimo Measure-through Motion and Low Perfusion SET pulse oximetry have received FDA clearance ...