When visiting a website, do you sometimes get a box asking you to give the site permission to show you notifications, with options for Allow and Block? Here we explain what that means and how clicking Allow can put you at risk.
The notifications permissions box appears when you visit a particular website and that website wants permission to show you “browser notifications”.
Browser notifications allow a particular website to display custom notifications, even if you’re not on that website or – sometimes – even when your Internet browser is closed.
Below is the box that may appear when you visit a website asking you to allow the website to show you browser notifications.
Sites like Gmail and Facebook use browser notifications to alert you to things like new email or new engagement. Such notifications often pop-up in the corner of your screen and are controlled by the website issuing the notification. For example a Facebook browser notification is below…
Some quick facts about browser notifications –
However, while these notifications can be a useful feature for certain sites, they’re frequently used by scammers to lure victims to phishing websites or malware payloads.
For example, if a user clicks ‘Allow’ when visiting a website they don’t trust, this can lead to that website issuing notifications that lead to malicious payloads. For example the below notification.
You can see that this particular browser notification claims that our computer is infected with viruses and asks us to click a link to remove them. The notification also uses the logo and branding of a reputable antivirus company.
However this notification will direct a victim to a malware payload when clicked. If the user agrees to download the file, their device will become infected with malware.
Sponsored Content. Continued below...
Often websites will lure visitors into clicking ‘Allow’ by claiming you need to do so to access the website, or to prove you’re “not a robot”. (See below.)
And as stated before, once a website is given permission to show browser notifications, they can do so at any time. Even when you’re not on the website or have your browser open. This means these malicious notifications can appear at any time.
There is a common misconception that these browser notifications are pop-up windows and appear as a result of an existing malware infection. That is not the case. While such notifications can lead to malware, they are not malware themselves, and running an antivirus scan won’t stop them from appearing. To stop a website sending you browser notifications, you need to revoke the website’s permission to show notifications in your browser settings, and we go into that next.
Stopping a particular website from sending you notifications can vary depending on what browser you use.
To stop a website sending browser notifications on Microsoft Edge…
Click the three dotted icon > Settings > Cookies and site permissions > Notifications. From there you can see which sites are able to send you notifications under the Allow list. You can remove any sites if necessary.
To stop a website sending browser notifications on Google Chrome…
Click the three dotted icon > Settings > Security & Privacy > Site Settings > Notifications. From there you can see which sites are able to send you notifications under the Allowed to send notifications list. You can remove any sites if necessary by clicking the three dotted icon and selecting Remove.
To stop a website sending browser notifications on Firefox…
Click the three lined icon > Settings > Privacy & Security > Permissions > Notifications. From there you can see which sites are able to send you notifications. You can remove any sites if necessary by clicking the icon next to each site and selecting Block.
For other browsers refer to your specific browser instructions.
The advice here is simple. Never ‘Allow’ browser notifications on websites you don’t know or trust. Instead always click ‘Block’. If you do get notifications appear, remove them using the instructions above.
