Learn to Identify and Eliminate Phishing Notifications

ByEmily Dolloff

Email may be the most common form of phishing, but it’s not the only one. Modern Web browsers support a technology that enables websites to display system-level notifications just like regular apps. These push notifications have good uses, such as letting frequently updated websites inform users of new headlines, changed discussion threads, and more.

Unfortunately, push notifications can be subverted for malicious purposes, notably phishing. Here’s what happens. You visit a website that asks you if you’d like to receive notifications.

That request may be introduced with language that implies you must agree in order to get desired content, or it may be a bald-faced request to show notifications. If you agree, the website will be able to display alarming or deceptive phishing notifications even when it’s not open.

The goal is to trick you into clicking the notification, which will load a fake site that attempts to get you to enter login credentials or credit card information to facilitate identity theft.

The danger of phishing notifications is that they come from the system, so they may seem more legitimate than email messages trying to sucker you into revealing personal information. Nevertheless, as you can see in the examples above, they may still look sketchy in ways reminiscent of phishing emails:

  • No legitimate website would use emoji or symbols in a notification, much less multiple ones.
  • Although there are no glaring spelling or grammar mistakes, the use of all caps in the top notification is a giveaway. Similarly, standard notifications wouldn’t use exclamation points.
  • The use of “Click here” is poor information design that’s unlikely to come from a professional programmer or Web designer.

Phishing notifications, although problematic, aren’t a malware infection, and anti-malware packages won’t detect or remove them. Luckily, they’re easy to control and block in Safari and other Web browsers.

Prevent Phishing Notifications

The easy way to ensure you don’t see phishing notifications is to allow only trusted websites to send notifications. In general, we recommend keeping that list small so you’re not frequently interrupted by unnecessary notifications.

If you’re unsure that you’ll be able to identify malicious websites, you can enable a browser setting that prohibits all websites from asking for permission to send notifications. In Safari, choose Safari > Settings > Websites > Notifications, and deselect “Allow websites to ask for permission to send notifications” at the bottom.

Other browsers have similar options, and most will look like Google Chrome, as shown below:

  • Arc: Choose Arc > Settings > General > Notifications and select “Don’t allow sites to send notifications.”
  • Brave: Navigate to Brave > Settings > Privacy and Security > Site and Shield Settings > Notifications and select “Don’t allow sites to send notifications.”
  • Firefox: Go to Firefox > Settings > Privacy & Security > Notifications and select “Block new requests asking to allow notifications.”
  • Google Chrome: Navigate to Chrome > Settings > Privacy and Security > Site Settings > Notifications and select “Don’t allow sites to send notifications.”
  • Microsoft Edge: Choose Microsoft Edge > Settings > Cookies and Site Permissions > Notifications and turn off “Ask before sending.”

Browsers based on Chrome (everything except Firefox in the list above) offer a “Use quieter messaging” option that replaces the permission dialog with a bell icon next to the site name in the address bar—click it to allow notifications from that site.

Eliminating Phishing Notifications

Now you know how to prevent new sites from requesting permission to display notifications. What about sites that already have permission? It’s easy to block them in Safari’s Notifications settings screen. If you have any undesirable sites with Allow in the pop-up menu to the right of their name in the Notifications screen, choose Deny from that menu. You could remove the site instead, but that would allow it to ask for permission again.

Firefox’s interface is similar to Safari’s, but Chrome-based browsers have a different interface that separates the blocked and allowed sites. To block a website whose notifications you no longer want to receive, click the button to the right and choose Block. Again, you could remove undesirable sites if you prefer, but remember that if your notification settings ever change, doing so could allow the site to ask for permission once more.

Ultimately, it’s easy to avoid phishing notifications by paying attention as you browse the Web. Steer clear of websites that make an unexpected request to display notifications. Notifications aren’t necessary on hardly any websites, so there’s no harm in denying such requests unless you’re sure they’re legitimate.

(Featured image based on an original by iStock.com/tadamichi)

Social Media: Did you know that a phishing website can send you a notification right on your Mac? Learn how this could happen and how to prevent it in your favorite Web browser.

Similar Posts

  • Businesses, Don’t Overlook Email Backup

    Cloud-based email services such as Google Workspace and Microsoft 365 dominate the market for organizational email for good reason. Dealing with the constant…

  • _Dear Friends_,

    Well I didn’t win the Powerball so I guess I have to stick with my day job a bit longer. Vermont finally got some winter weather and more snow is in the forecast. It has even gotten a bit cooler down here in the Keys where when it dips below 70° F the down coats and shoes come out.

    I am still struggling a bit with tropical gardening. A large caterpillar ate the leaves off one of my tomato plants overnight and for some reason I cannot get my citrus trees to blossom. I keep feeding and watering them in the hopes that my Key Limes, Myers lemon and Naval oranges will blossom but they seem to just make greenery. We did discover that bananas love coffee grounds and since Grace and I produce a lot of coffee grounds those plants are doing well.

    I upgraded myself from the original iPad mini to the iPad mini 4 before I went to Las Vegas and the differences are remarkable. Not only is it thinner and lighter but the screen is much better, the speed is a lot faster and I simply love the Touch ID. I had been trying to activate my old iPad mini with my finger after being used to that with my iPhone so it is a welcome addition for my primary reading device. I prefer the iPad mini to the full-size iPad or the iPad Pro because of the size. It feels like a paperback book in my hand and even on a crowded airplane it is comfortable to use.

    Do you know about tethering? I don’t know how many people I have talked out of buying a cellular iPad by explaining tethering. I guess that is a bit against my interests as you pay an extra $130 for cellular versions of the iPad. If you buy that cellular version you also need a cell contract which might be another $30 a month. Tethering is a much better idea. Tethering is where you share the cellular connection from your iPhone with your iPad. You activate Personal Hot Spot and boom you have your own private wireless network over cellular. The other day Comcast had an outage here in the Keys and I used tethering with my Mac to work all day. Most carriers will charge you a little more for tethering but it is less than the $30. With my iPad, I simply choose “donphone” from the wireless setup and I am connected with the same speed as if I had the cellular version of the iPad.

    This week’s Kibbles & Bytes exclusive is a “**fully configured 13-inch MacBook Air.**”:http://www.smalldog.com/wag900002125/special-save-50-on-apple-refurbished-macbook-air-and-free-hammerhead-case This Apple factory reconditioned MacBook Air carries the same 1-year Apple warranty as new Macs and we are bundling it with AppleCare so you actually get 3-years of warranty protection and 3-years of free Apple technical support instead of the normal 90-days. This MacBook Air is the same as the one I use and love. It features a 1.7GHz i7 processor, 8GB of ram and a big 512GB SSD drive. I am going to take $50 off and include a free Hammerhead neoprene case for this MacBook Air. Regular price is $1639.97 but for Kibbles & Bytes readers this week only (while supplies last) the price for this bundle is “**$1559.98.**”:http://www.smalldog.com/wag900002125/special-save-50-on-apple-refurbished-macbook-air-and-free-hammerhead-case

  • It is getting quite warm down here and I have had to fiddle with my solar heating system for the pool to get it turned down so I don’t have a hot tub instead of a refreshing plunge pool. One thing that is surprising here in Florida in my estimation is the lack of solar energy installations. Seldom do you see solar PV arrays either on rooftops or as a solar farm and even my rudimentary solar heating system for my pool is somewhat unique. You would think with all the sun down here…

    I am doing some upgrades and maintenance on the motorcycles this weekend. I do enjoy motorcycle mechanics, well, most of the time. It may seem frustrating to some but freeing a stuck bolt or troubleshooting that backfiring is actually relaxing for me even as I sweat it out. Anyone need a really clean 2009 S150 Vespa?

    Thank you for reading this issue of Kibbles & Bytes!

    Your Kibbles & Bytes Team,

    _Don, Emily & Hadley_

  • Grace has tired of riding the little Vespa scooter so we are selling it. I bought an almost antique Victory cruiser so we both have bikes down here. I am going to Jasper, GA to pick it up this weekend and riding it back through the back roads of Georgia. It should be a nice little break.

    I am going to miss Johnny Dread and the reggae show down here but I am sure Grace will be there. It is hard to believe that we are heading into March already. My granddaughter, Gracie, is a Feb 29 baby so she is celebrating her 4th birthday as a 12-year old. My other granddaughter, Khadija, was off this week visiting colleges in the Boston area. Sure makes me feel old. I remember announcing Khadija’s birth here in Kibbles with the line “just call me gramps” and they still do!

    Thank you for reading this issue of Kibbles & Bytes!

    Your Kibbles & Bytes Team,

    _Don, Emily, Morgan & Hadley_