Fraudulent browser push notifications as a means of phishing and advertising are gaining popularity, with the share of users hit by the problem growing month-on-month this year. As shown by recent Kaspersky research, the monthly number of users affected has grown from 1,722,545 in January to 5,544,530 in September 2019. In total, during the first nine months of 2019, Kaspersky products protected more than 14 million of users from attempts to allow websites to show unwanted notifications. With essentially every web user being a potential victim, this threat, although unsophisticated, requires additional attention.
Browser push notifications were introduced several years ago as a useful tool that kept readers informed with regular updates, but today they are often used to bombard website visitors with unsolicited adverts or even encourage them to download malicious software. Useful user-friendly features, such as push notifications, are easy-to-use instruments for scams based on social engineering techniques, and therefore their growing popularity is not entirely unexpected. In light of the recent calendar invitations scam detected by Kaspersky, the company’s experts decided to dive deeper into push notification scams and phishing to find out how this tool can be abused.
Since a user’s consent is required in order to start sending notifications, attackers have come up with multiple, often ‘out of the box’ ways to trick and force people to sign up for subscriptions. The detected options include:
- Passing subscription consent off as another action, such as a CAPTCHA
- Switching the ‘accept’ and ‘decline’ buttons on subscription alerts mid-action
- Showing notifications from phishing copies of popular websites
- Showing fraudulent subscribe pop-ups on websites
After gaining user’s consent, attackers start bombarding them with messages. The least harmful (and yet the most popular) options are clickbait ads on sensitive social topics, while others include scam notifications – like lottery wins, offers of money in exchange for completing a survey or something similar. Schemes that are more sophisticated are targeted at milking money out of users using phishing techniques.
A common scheme uses messages disguised as system notifications, such as virus infection alerts. These redirect users to phishing copies of trusted websites and then prompt users to download various paid “PC cleaning” utilities. However, the potential of push notifications being used for such scams is not limited to just that.
“We have seen a rise in push notifications being abused, as attackers continue to creatively adapt new technologies in order to trick users. Because this feature is so widespread and easy to take advantage of through social engineering schemes, we have seen a rapid growth in the number of affected users. Push notifications are a very useful tool for users that help them stay on top of important things that interest them. Yet, as with anything on the internet, users have to remain attentive and cautious when interacting with pop-ups and only allow push notifications if they are completely sure the alerts are useful and come from trusted sources,” said Artemy Ovchinnikov, security researcher at Kaspersky.
To avoid receiving annoying notifications or scam ads, users can follow a few simple recommendations:
- Where possible, block all subscription offers, unless they come from popular and trusted websites. Remain vigilant to ensure you are not redirected to a fake website.
- If unable to avoid an unwanted subscription, block it in the browser settings.
- Start using a reliable security solution, like Kaspersky Security Cloud, that blocks ad and scam push subscription offers in browsers, can delete subscriptions that have already been approved, and has an anti-phishing feature.
Read more on the topic in the Kaspersky Unwanted notifications report on Securelist.
GoFundMe hits R9bn in donations for people and causes
The world’s largest social fundraising platform has announced that Its community has made more than 120-million donations
GoFundMe this week released its annual Year in Giving report, revealing that its community has donated more than 120-million times, raising over $9-billion for people, causes, and organisations since the company’s founding in 2010.
In a letter to the GoFundMe community, CEO Rob Solomon emphasised how GoFundMe witnesses not only the good in people worldwide, but their generosity and their action every day.
“As we enter a new decade, GoFundMe is committed to spreading compassion and empathy through our platform,” said Solomon in the letter. “Together, we can bring more good into the world and unlock the power of global giving.”
The GoFundMe giving community continues to grow with both repeat donors and new donors. In fact, nearly 60% of donors were new this year. After someone makes a donation, they continue to engage with the community and give to multiple causes. In fact, one passionate individual donated 293 times to 234 different fundraisers in this past year alone. Donations are made every second, ranging from $5 to $50,000. This year, more than 40% of donations were under $50.
GoFundMe continues to be a mirror of current events across the globe. This year, young changemakers started the Fridays for Futuremovement to fight climate change, which led to a 60% increase in fundraiser descriptions mentioning ‘climate change’. Additionally, the community rallied together to support one another during natural disasters like Hurricane Dorian and the California wildfires, where thousands of fundraisers were started to help those in need.
The report includes a snapshot of giving trends from the year based on global GoFundMe data. It also includes company milestones from 2019, such as launching the company’s non-profit and advocacy arm, GoFundMe.org, and introducing GoFundMe Charity, which provides enterprise software with no subscription fees or contracts to charities of every size.
Highlights from GoFundMe’s 2019 Year in Giving report include:
- Global giving trends and data
- Top 10 most generous countries
- Top 10 most generous U.S. states and cities
- Biggest moments in 2019
To view the entire report, visit: www.gofundme.com/2019
For users, in-car touchscreens ever more useless
As touchscreens become more commonplace, the gulf of perceived differences in the performance of these features between cars and other devices (such as mobile and in-home) has become wider. A new report from the In-Vehicle UX (IVX) group at Strategy Analytics has investigated car owners’ satisfaction with their on-board touchscreens. Long hamstrung by poor UX and extended production cycles, in-car touchscreens are seen by car users and buyers as lagging behind the experience offered by touchscreens outside the car. As such, consumer satisfaction has continued to slide in China and Europe, while reaching historic lows in the US.
Surveying consumers in the US, Western Europe, and China via web-survey, key report findings include:
- Difficult text entry and excessive fingerprint smudging are common complaints among all car owners.
- Because touchscreens have reached market saturation in the US, satisfaction with in-car screens has tailed off significantly.
- However, touchscreens remain a relatively newer phenomenon in many car models in Western Europe (compared with the US) and thus their limitations are less prominent in the minds of car owners.
- Overall touchscreen satisfaction fell for the fifth straight year in China, indicating a growing impatience for in-car UX to match UX found elsewhere in the consumer electronics space.
Derek Viita, Senior Analyst and report author, says, “Part of the issue with fingerprint smudging is the angle at which in-car touchscreens are installed – they make every fingerprint increasingly visible.
“Fingerprint smudging is an issue across all touchscreen-based consumer electronics. But in most form factors and especially mobile devices, consumers can quite easily adjust their viewing angle. This is not always the case with fixed in-car screens.”
Says Chris Schreiner, Director, Syndicated Research UXIP, “Although hardware quality certainly figures in many of the usual complaints car owners have about their screens, it is not the sole factor. Cockpit layout and UI design can play important roles in mitigating some issues with in-car touchscreens.”