Kingston Police have shared details on how cybercriminals take advantage of browser notifications to spread malware or hold systems hostage.
In a media release dated Monday, Sept. 25, 2023, Kingston Police shared the following details:
What Are Browser Notifications?
Most internet browsers allow websites to offer browser notifications. The first time you visit a website that offers browser notifications, you will see a pop-up message at the top of your browser window asking you to either allow or block notifications. If you choose to allow them, browser notifications can be displayed at any time, even when you are not on that website. These notifications are typically used for things like blog updates, social media interactions, and upcoming sales. Unfortunately, cybercriminals can also send their own malicious browser notifications to steal your money and information.
How Do Cybercriminals Use Browser Notifications?
Cybercriminals can use two different methods to send you malicious browser notifications. They can either hijack a legitimate website and offer fake notifications from that website, or they can trick you into allowing notifications while visiting a malicious website. For example, in one scam, cybercriminals used a malicious website that appeared to be a video player and instructed users to click “Allow” before they could play a video. Once cybercriminals are able to send you browser notifications, they can use the notifications in several ways:
- They can display excessive pop-up messages, inappropriate content, or other disruptive material in your browser. This tactic allows cybercriminals to hold your system hostage while they demand a ransom.
- They can send you malicious advertisements, also known as malvertising. Malvertising is when cybercriminals use ads to spread malware, trick you into providing sensitive information, or steal your money using fake storefronts.
- They can include malicious files and code within browser notifications. If you click on one of these malicious notifications, your system may be automatically prompted to download a piece of malware.
Hints and Tips to Stay Safe
Use the tips below to stay safe from malicious browser notifications:
- Think before you click! Whether it is a browser notification or another kind of pop-up message, always read and consider a prompt before taking action.
- Check the permissions settings within your browser and only allow notifications for websites that you know and trust. Most browsers include a list of websites that are allowed to send you notifications. Some browsers also allow you to globally block notifications for all websites.
- Keep your browser and other software up to date. Software updates often include security patches that help close known vulnerabilities. We recommend enabling automatic updates to ensure that your browser is always up to date.
Stop, look, and think. Don’t be fooled by the scammers.
More information on avoiding scams, including listings of recently reported incidents, visit the Canadian Anti-Fraud Center website.