#FraudAlert: Scammers can use your browser notifications to steal money
Consumer technology has come a long way over the years, but with all the new tricks/features we get, ill-intended scammers also find ways to defraud unsuspecting people, and steal their money. The latest such technique revolves around browser notifications, which according to the folks at Kaspersky Labs, are increasingly being used to trick people into giving away money, sometimes even confidential details. Here's how.
First, you should know what are browser notifications
Browser push notifications, as the name suggests, are website notifications that are pushed by the way of your browser. The technique was introduced years ago to keep users updated on the latest happenings, like news from different fields. However, today, almost every website uses this trick and tries to seek notification permissions (with a pop-up prompt) to bombard users with their content.
Scammers, meanwhile, are using this for phishing
While websites use notifications to deliver content to the audience, scammers use the same for phishing. They push malicious links as notification, thereby prompting unsuspecting users to open a fake page, which may have been designed to trick them into giving away their personal information or financial details. Sometimes, these pages can even trick people into paying for decoy prizes.
Browser attacks have risen significantly, says Kaspersky
The threat of browser-based notifications can be explained by the sheer number of victims suffering from such attacks. According to Kaspersky, in January 2017, some 17.2 lakh people were targeted by malicious browser notifications, but in a matter of months, that figure grew by more than three-fold to 55.4 lakh in September 2019. This indicates that attackers are increasingly switching to this trick.
Ease of use makes them easy to exploit
"We have seen a rise in push notifications being abused," Kaspersky security researcher Artemy Ovchinnikov warned. "Because this feature is so widespread and easy to take advantage of through social engineering schemes, we have seen rapid growth in the number of affected users."
So, how can you protect yourself?
Now that you know about the threat, the only way to protect yourself from such scams is by being cautious about the risks; you should allow notifications only for trusted websites. Meanwhile, Ovchinnikov added, "Users have to remain attentive and cautious when interacting with pop-ups and only allow push notifications if they are completely sure the alerts are useful and come from trusted sources."
