Security & Fraud

Kaspersky: Fake Push Notifications Have Grown Nearly 70 Pct In 2019

fake notifications are up

Cybersecurity company Kaspersky is highlighting a rise in fake browser notifications this year, according to a press release.

The company said affected users have tripled every month in 2019. In June, Kaspersky noticed a Google calendar scheme that tried to trick users into giving away personal information. The push scams work similarly, and ask people to sign up for subscriptions they don’t want, or to download software with unwanted consequences.

The malicious notifications affected 1,722,545 users in January, and that number rose to 5,544,530 by September.

“Browser push notifications were introduced several years ago as a useful tool that kept readers informed with regular updates, but today they are often used to bombard website visitors with unsolicited advertisements or even encourage them to download malicious software,” the company said.

Because of their ease of use, push notifications are becoming more and more popular as a means to trick users into giving away personal information. They use common techniques like phishing or other social engineering actions, and often steal information.

A user needs to give consent for these types of attacks, and malicious hackers often use what seem like innocuous ways of trickery to make that happen. For example, a simple CAPTCHA box, which many sites use to prove that someone is actually human, can be used falsely. Other alerts will include a fake notification about a system update.

“We have seen a rise in push notifications being abused, as attackers continue to creatively adapt new technologies in order to trick users,” said Artemy Ovchinnikov, a security researcher at Kaspersky. “Because this feature is so widespread and easy to take advantage of through social engineering schemes, we have seen a rapid growth in the number of affected users. Push notifications are a very useful tool for users that help them stay on top of important things that interest them. Yet, as with anything on the internet, users have to remain attentive and cautious when interacting with pop-ups and only allow push notifications if they are completely sure the alerts are useful and come from trusted sources.”


Featured PYMNTS Study: 

With eyes on lowering costs to improving cash flow, 85 percent of U.S. firms plan to make real-time payments integral to their operations within three years. However, some firms still feel technical barriers stand in the way. In the January 2020 Making Real-Time Payments A Reality Study, PYMNTS surveyed more than 500 financial executives to examine what it will take to channel RTP interest into real-world adoption. Here’s what we learned.