Here is the fortnightly I.T Crowd column with Philip Brooks, of Diamond Byte Solutions…
Most browsers, websites, and apps use push notifications as a form of marketing and in general these ‘Allow Website Notifications’ are fine as they simply let web developers notify users when new content is posted.
However, over the last few years, criminals have been misusing these notifications to hide malware, a tactic known as “malvertising”.
Malvertising works when users open a website with “Allow Website Notifications” and are faced with a pop-up asking for permission to display notifications.
If users agree, their choices are saved in browser options and criminals are then able to continually feed them with unwanted ads.
These intrusive ads can in turn lead to malicious websites and can even run scripts that install malware.
Some sites ask to “enable notifications, otherwise content will not be displayed”.
When the user declines, the pop-up keeps appearing until the website is closed. These notifications to display content are merely trying to trick users into clicking “Allow”.
Even with an adblocker installed, malicious push notifications can still get through as I have seen on many of my customers’ computers.
Typical signs that the push notifications you are getting are malicious are:
- Ads appear in places where they shouldn’t, e.g. your desktop, even when the browser is closed.
- The browser home page changes without your permission.
- Websites you used to visit are now not displaying properly, or you are redirected to another address.
- You get pop-ups which advertise fake software or updates, or warnings that you are infected, followed by prompts to install a specific clean-up tool (DON’T!).
- Apps and programs are installed on your PC that you don’t remember installing.
- Don’t worry, they can be removed:
- Google Chrome – go to Settings by clicking on the vertical three dots, then scroll down to Site Settings and click, then click on notifications, then block all or some sites from sending you notifications.
- Microsoft Edge – go to settings by clicking on the three dots, then on the left-hand menu click on Cookies and Site Permissions, now scroll down on the right hand side to Notifications and untick Ask Before Sending, this will block them all.
- Mozilla Firefox – click on Options from the drop-down menu, then choose Privacy & Security from the list at the top left. Scroll down until you come to Permissions, click on the Settings button for notifications and you can see all the websites you allowed pop-ups from.
Finish by scanning your PC and cleaning it up with professional anti-malware software. To prevent infections with malicious push notifications, be cautious. Keep the list of websites from which you accept push notifications short and NEVER go online unprotected.
Original Source by [author_name]