Browser push notifications are small messages that deliver information to users. If the website requests it, web browsers will prompt the visitor to block or allow notifications. If allowed, the site will then be permitted to send messages directly to the user’s computer, even when not visiting the site in question. Most often, these notifications are used to inform people of new or updated content.
While push notifications can serve useful purposes, they’re also abused by malicious hackers. Security researchers have identified that push notifications can be used to:
Deliver excessive advertisements
Display inappropriate content
Send malicious advertisements, known as malvertising
Trigger installation of unwanted software
How can you avoid falling victim to malicious browser notifications?
Click with Caution
Carefully review what any prompt or pop-up is asking for, and only allow notifications for websites you trust. Think before you click!
Most web browsers keep a list of the websites that have push notifications permitted. You can review and remove permissions in the privacy and security settings of your specific browser.
Depending on which browser you use, there may be an option to globally block push notifications. It’s best to enable this option and manually add notifications as needed.
Software updates are often used to fix bugs and patch security vulnerabilities. It’s wise to enable automatic updates so your web browser is always on the latest version.
Only use approved browsers and software. Never change settings or install extensions without asking. Doing so adds unnecessary risk and could lead to data theft.
Push notifications may not come across as an alarming threat, but in a world where attackers are looking for every advantage, it’s vital that we address every potential weakness in the security chain. So, if in doubt, don’t click, and contact IT!