The monthly number of users affected by fraudulent browser push notifications as a means of phishing and advertising has grown from 17.2 lakh in January to 55.4 lakh in September 2019, according to a research by cybersecurity firm Kaspersky. Kaspersky said its products protected more than 1.4 crore users from attempts to allow websites to show unwanted notifications.
Browser push notifications were introduced several years ago as a useful tool that kept readers informed with regular updates, but today they are often used to bombard website visitors with unsolicited adverts or even encourage them to download malicious software.
Useful user-friendly features, such as push notifications, are easy-to-use instruments for scams based on social engineering techniques, and therefore their growing popularity is not entirely unexpected.
“We have seen a rise in push notifications being abused, as attackers continue to creatively adapt new technologies in order to trick users. Because this feature is so widespread and easy to take advantage of through social engineering schemes, we have seen a rapid growth in the number of affected users,” Artemy Ovchinnikov, security researcher at Kaspersky, said in a statement.
“Push notifications are a very useful tool for users that help them stay on top of important things that interest them. Yet, as with anything on the Internet, users have to remain attentive and cautious when interacting with pop-ups and only allow push notifications if they are completely sure the alerts are useful and come from trusted sources,” Ovchinnikov added.