I’d like to address a threat that I am suddenly seeing on a more consistent basis. It’s an issue that has existed since the internet began, and yet, we’re dismissive of the threat. I’m talking about pop ups and notifications. If you’re thinking, “I never fall for those things!” I would urge you to read a little further. These notification threats have evolved, and some of them are very convincing.
How do pop-up scams work?
We’re all used to receiving notifications in the bottom right corner of our workstation (The System Tray). They often remind us that it’s time to update Windows and may be linked to applications such as Outlook. Some of us appreciate these little reminders, others find them annoying. Either way, we grow accustomed to seeing them, and generally trust them to be legitimate. That is exactly why they can be such an effective method for convincing us to download software or call a ‘help desk.’
What I’m describing may sound very similar to a phishing email. And the end goal is essentially the same. Threat actors are attempting to trick you into clicking on a link, or calling a number, to access your account credentials or take your money. And, like how emails can circumvent your anti-virus, so do these notifications that originate from internet browsers.
A simple fix
The good news is that these notifications and pop-ups are not typically ‘malware.’ They are the first step of the attack, and if you choose not to click on their links, or engage with the individuals that craft them, you should remain safe.
Additionally, the solution to removing this threat is usually simple. Firstly, make sure you are using a legitimate browser such as Google Chrome or Microsoft Edge. If you see a shortcut to another browser on your desktop, and you don’t recognize it, delete it! Secondly, navigate to both the Extensions, and the Notifications sections in your browser. Review what is listed and remove or turn off permissions for anything you didn’t explicitly install. For those who are tech savvy, there are plenty of short guides online to assist with this process.
If you are still concerned about notifications that you receive and would like a professional to review them with you, give us, or your current MSP a call. If you are not currently working with an MSP, and are interested in having a conversation about Cybersecurity, we would love to hear from you!
Remember, Cybersecurity is a long journey, but it is one worth starting today!
Michael Wallace
Director of Cybersecurity
