Learn to Identify and Eliminate Phishing Notifications

ByEmily Dolloff

Email may be the most common form of phishing, but it’s not the only one. Modern Web browsers support a technology that enables websites to display system-level notifications just like regular apps. These push notifications have good uses, such as letting frequently updated websites inform users of new headlines, changed discussion threads, and more.

Unfortunately, push notifications can be subverted for malicious purposes, notably phishing. Here’s what happens. You visit a website that asks you if you’d like to receive notifications.

That request may be introduced with language that implies you must agree in order to get desired content, or it may be a bald-faced request to show notifications. If you agree, the website will be able to display alarming or deceptive phishing notifications even when it’s not open.

The goal is to trick you into clicking the notification, which will load a fake site that attempts to get you to enter login credentials or credit card information to facilitate identity theft.

The danger of phishing notifications is that they come from the system, so they may seem more legitimate than email messages trying to sucker you into revealing personal information. Nevertheless, as you can see in the examples above, they may still look sketchy in ways reminiscent of phishing emails:

  • No legitimate website would use emoji or symbols in a notification, much less multiple ones.
  • Although there are no glaring spelling or grammar mistakes, the use of all caps in the top notification is a giveaway. Similarly, standard notifications wouldn’t use exclamation points.
  • The use of “Click here” is poor information design that’s unlikely to come from a professional programmer or Web designer.

Phishing notifications, although problematic, aren’t a malware infection, and anti-malware packages won’t detect or remove them. Luckily, they’re easy to control and block in Safari and other Web browsers.

Prevent Phishing Notifications

The easy way to ensure you don’t see phishing notifications is to allow only trusted websites to send notifications. In general, we recommend keeping that list small so you’re not frequently interrupted by unnecessary notifications.

If you’re unsure that you’ll be able to identify malicious websites, you can enable a browser setting that prohibits all websites from asking for permission to send notifications. In Safari, choose Safari > Settings > Websites > Notifications, and deselect “Allow websites to ask for permission to send notifications” at the bottom.

Other browsers have similar options, and most will look like Google Chrome, as shown below:

  • Arc: Choose Arc > Settings > General > Notifications and select “Don’t allow sites to send notifications.”
  • Brave: Navigate to Brave > Settings > Privacy and Security > Site and Shield Settings > Notifications and select “Don’t allow sites to send notifications.”
  • Firefox: Go to Firefox > Settings > Privacy & Security > Notifications and select “Block new requests asking to allow notifications.”
  • Google Chrome: Navigate to Chrome > Settings > Privacy and Security > Site Settings > Notifications and select “Don’t allow sites to send notifications.”
  • Microsoft Edge: Choose Microsoft Edge > Settings > Cookies and Site Permissions > Notifications and turn off “Ask before sending.”

Browsers based on Chrome (everything except Firefox in the list above) offer a “Use quieter messaging” option that replaces the permission dialog with a bell icon next to the site name in the address bar—click it to allow notifications from that site.

Eliminating Phishing Notifications

Now you know how to prevent new sites from requesting permission to display notifications. What about sites that already have permission? It’s easy to block them in Safari’s Notifications settings screen. If you have any undesirable sites with Allow in the pop-up menu to the right of their name in the Notifications screen, choose Deny from that menu. You could remove the site instead, but that would allow it to ask for permission again.

Firefox’s interface is similar to Safari’s, but Chrome-based browsers have a different interface that separates the blocked and allowed sites. To block a website whose notifications you no longer want to receive, click the button to the right and choose Block. Again, you could remove undesirable sites if you prefer, but remember that if your notification settings ever change, doing so could allow the site to ask for permission once more.

Ultimately, it’s easy to avoid phishing notifications by paying attention as you browse the Web. Steer clear of websites that make an unexpected request to display notifications. Notifications aren’t necessary on hardly any websites, so there’s no harm in denying such requests unless you’re sure they’re legitimate.

(Featured image based on an original by iStock.com/tadamichi)

Social Media: Did you know that a phishing website can send you a notification right on your Mac? Learn how this could happen and how to prevent it in your favorite Web browser.

Similar Posts

  • Hey Dora, Follow Orders!

    Last week we talked about how to activate and use dictation to write emails and documents but there is a lot more that you can do. I keep thinking about Scotty from Star Trek when he went back in time and was “**confronted with a Mac Plus**”:https://youtu.be/LkqiDu1BQXY?t=1m8s. He picked up the mouse as natural as can be and said “computer…”. That time is coming and Dictation Commands are already built into your operating system.

    Once you have dictation activated you can activate dictation commands by going to the Accessibility system preference.

    * Choose Accessibility from System Preferences.

    * Choose Dictation from the list on the left side of the Accessibility pane.

    * Click the Dictation Commands button. You can see a list of available commands in the Dictation Commands sheet.

    * A starting set of commands are enabled by default. Additional speakable items like “Open document” and “Click item” are available by enabling advanced commands using these next steps:

    * Select (check) the option to “Enable advanced commands” in the Dictation Commands sheet that appears.

    * Click Done.

    p{text-align: center;}. !http://blog.smalldog.com/images/4710.png!

    After you have enabled advanced commands, you can also create your own commands by clicking the Add Command (+) button. This lets you link a spoken phrase to an app, a menu item, a keyboard shortcut, or an Automator workflow.

    You have enabled Dictation Commands and now you can speak any of the items in this list to perform the related action. Press the Fn key twice, then say a command to make it happen, such as “Search Spotlight for the Cubs score” or “select sentence” or “new document”. Give it a try and pretty soon you will be just like Scotty and the Mac Plus.

    As a shortcut, you can speak the command “Show commands” to see a list of the commands you can say.

  • Errata

    Last week a typo slipped by our proofers. Command+M is not open a new document but that command is Command+N. Sorry about that. To make up for it here are a couple more keyboard combinations you might find handy:

    **Command-Option-Esc** – If an app stops responding, you might need to force it to quit. You can do that with a right click on the app icon in the dock, but it’s even easier if you hit this keyboard shortcut. This will bring up the Force Quit dialog, which you can then use to make that non-responsive app quit. You might need to Command-Tab you way out of an active frozen app first, though, or use **Command+Shift+Option+Esc** to quit the currently active app.

    **Command-Option-P and R** – Here’s one that might challenge your fingers dexterity. Fortunately, you will hardly ever have to use it but it is used to reset your non-volatile random access memory (NVRAM). Information stored in NVRAM can include speaker volume, screen resolution, start-up disk selection and recent kernel panic information. If you are asked to reset your P-Ram or NVRAM here’s how you do it.

    1) Shut down your Mac
    2) Turn on your Mac
    3) Immediately after you hear the start up sound, hold down the command, option, P and R keys
    4) Hold those keys down until you hear the start up sound again and then release them.