Security & Fraud

Kaspersky: Fake Push Notifications Have Grown Nearly 70 Pct In 2019

fake notifications are up

Cybersecurity company Kaspersky is highlighting a rise in fake browser notifications this year, according to a press release.

The company said affected users have tripled every month in 2019. In June, Kaspersky noticed a Google calendar scheme that tried to trick users into giving away personal information. The push scams work similarly, and ask people to sign up for subscriptions they don’t want, or to download software with unwanted consequences.

The malicious notifications affected 1,722,545 users in January, and that number rose to 5,544,530 by September.

“Browser push notifications were introduced several years ago as a useful tool that kept readers informed with regular updates, but today they are often used to bombard website visitors with unsolicited advertisements or even encourage them to download malicious software,” the company said.

Because of their ease of use, push notifications are becoming more and more popular as a means to trick users into giving away personal information. They use common techniques like phishing or other social engineering actions, and often steal information.

A user needs to give consent for these types of attacks, and malicious hackers often use what seem like innocuous ways of trickery to make that happen. For example, a simple CAPTCHA box, which many sites use to prove that someone is actually human, can be used falsely. Other alerts will include a fake notification about a system update.

“We have seen a rise in push notifications being abused, as attackers continue to creatively adapt new technologies in order to trick users,” said Artemy Ovchinnikov, a security researcher at Kaspersky. “Because this feature is so widespread and easy to take advantage of through social engineering schemes, we have seen a rapid growth in the number of affected users. Push notifications are a very useful tool for users that help them stay on top of important things that interest them. Yet, as with anything on the internet, users have to remain attentive and cautious when interacting with pop-ups and only allow push notifications if they are completely sure the alerts are useful and come from trusted sources.”



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.