Online Safety Danger: Website Notifications

Scammers and hackers love this feature

website push notifications

In This Article

• Web browsers allow push notifications

• They appear outside the browser window

• They look similar to operating system notices

• Some are safe, legitimate, and helpful

• Some are used by scammers and hackers

• Your best defense against rogue notifications

(No time to read right now? Just want to see the list of things to know? Here you go.)


Introduction

Recent versions of popular web browsers (Chrome, Firefox, Edge, and Safari) have a feature hackers and scammers are using to their advantage.

And they do it with your willful, although unintentional, cooperation.


Push Notifications

windows notificationWebsites can use this browser feature to ask you to allow them to show you notifications.

These notifications appear outside the browser, on your main computer or phone screen, and can look similar to ones coming from the operating system itself.

Notifications are a legitimate way for the operating system to alert you to available updates, potential security risks, and other things.

But when websites use the same mechanism for bogus purposes, things can get dangerous. Let's back up for a minute…


Safe Notifications

Many websites use the notification feature for valid reasons that benefit you. However, they have to get your permission first.

notification requestSo they'll show you something that explains why they want to show you notifications and what they'll be about (such as updates, discounts, etc.).

Many people say “yes” by default, some without even reading the message.

In most cases, this is totally safe, although possibly annoying if a website abuses the privilege and shows you too many notifications.


Not So Safe Notifications

The problem starts when hackers, scammers, and other unscrupulous people offer to pay website owners to install scripts (small application programs) that provide notifications.

Although they probably tell the website owners that the scripts are harmless, they can be manipulated in ways the website owners are unaware of.

scammy notificationThe notifications come from legitimate websites (and you agreed to see them).

But they can show advertisements for bogus products, pitches for dubious investment opportunities, or fake security alerts to scare you into spending money to fix a problem you do not have.

In some cases, these rogue notifications can trick you into revealing usernames, passwords, or other personal info. Or they can install viruses or other malware onto your computer or phone.


A Wolf in Sheep's Clothing

The danger with notifications from websites is that it can be very hard to tell the difference between valid ones and ones coming from the bad guys.

The fake ones can be made to look identical to the legitimate ones. As of now, most anti-virus and other security programs cannot detect these rogue notifications.


Your Best Defense

thumbs downThe best way to keep yourself safe is to decline notifications from websites unless you are absolutely sure they are 100% safe.

The largest websites, used by millions of people daily, have security teams keeping the sites clean. So you're probably OK accepting notifications from them.

For most other sites, though, it's really better to just say no. If you don't even want to be bothered, you can disable notifications.


How to Tell Your Browser to Stop Asking

To get your web browser to stop asking about notifications, follow these steps based on which browser you use…

  Google Chrome

  1. Click the three-dot menu icon in the browser's upper-right corner and select “Settings.”
  2. Scroll down to the bottom of the screen, click “Advanced,” then click the “Site Settings” option under the “Privacy and security” header.
  3. Click “Notifications” on the screen that appears next.
  4. Click the toggle next to “Ask before sending (recommended).” That’ll cause the toggle to turn from blue to gray and the text to change to “Blocked.”
  5. If you want to allow only a small number of specific sites to send you notifications, such as Gmail or CNN, you can add them as whitelisted exceptions on that same Chrome settings page:
    • Click the “Add” button next to the word “Allow.”
    • Type in the web address of the site you want to whitelist using this format (without the quotes): “gmail.com/*”
    • Note the asterisk on the end, which serves as a wildcard and tells Chrome to allow notifications from any site starting with the path you entered.

  Mozilla Firefox

  1. Click the three-line menu icon in the browser’s upper-right corner and select “Options.”
  2. Click “Privacy & Security” in the menu at the left.
  3. Scroll down to the “Permissions” section and click the “Settings” button next to “Notifications.”
  4. Check the box next to “Block new requests asking to allow notifications.”
  5. If you want to remove any websites you’ve already authorized for notification delivery, click them in the list on that same screen and then click the “Remove Website” button. You can also click the “Remove All Websites” button to eliminate all whitelisted sites at once. (If you don’t see any sites in the list and the buttons are grayed out, that means you haven’t given any websites the green light to notify you.)
  6. Firefox doesn’t provide any way to add sites as exceptions from its settings section, so if you want to whitelist any websites, you’ll have to leave the notification permission active and then go visit those sites individually to get them to prompt you. You can then approve the requests one at a time and then go back to disable the notification permission once you’re done.

  Apple Safari

  1. Go to Safari > Preferences using the top menu bar
  2. Click on Websites
  3. Click on Notifications in the left-hand menu
  4. Any websites that have asked for permission to show alerts will be listed. You can go down the list and choose to allow or deny any or all of them.
  5. You can also uncheck “Allow websites to ask for permission to send push notifications” at the bottom of the window.
  6. You can also mute all notifications from Safari (and from other apps besides), by going to the Notification Center of your Mac:
    • Go to your System Preferences
    • Click on Notifications
    • Find Safari in the list on the left and select it.
    • Under “Safari alert style:” select “None.” This will only affect the banners that appear when you get a notification
    • Uncheck any (or all) of the following: “Show notifications on lock screen,” “Show in Notification Center,” “Badge app icon,” and “Play sound for notifications.”
    • If you want to silence your system temporarily, you can select “Do Not Disturb” on the top of the left-hand list and then filling in the time or circumstance when you want to silence all notifications.

Questions?

If you have any questions about anything here or if there's an issue you'd like us to write about please get in touch.

Want More Info Like This?

Get our Free Newsletter