Fraudulent browser push notifications as a means of phishing and advertising are gaining popularity, with the share of users hit by the problem growing month-on-month this year. As shown by recent Kaspersky research, the monthly number of users affected has grown from 1,722,545 in January to 5,544,530 in September 2019. In total, during the first nine months of 2019, Kaspersky products protected more than 14 million of users from attempts to allow websites to show unwanted notifications. With essentially every web user being a potential victim, this threat, although unsophisticated, requires additional attention.
Browser push notifications were introduced several years ago as a useful tool that kept readers informed with regular updates, but today they are often used to bombard website visitors with unsolicited adverts or even encourage them to download malicious software. Useful user-friendly features, such as push notifications, are easy-to-use instruments for scams based on social engineering techniques, and therefore their growing popularity is not entirely unexpected. In light of the recent calendar invitations scam detected by Kaspersky, the company’s experts decided to dive deeper into push notification scams and phishing to find out how this tool can be abused.
Since a user’s consent is required in order to start sending notifications, attackers have come up with multiple, often ‘out of the box’ ways to trick and force people to sign up for subscriptions. The detected options include:
- Passing subscription consent off as another action, such as a CAPTCHA
- Switching the ‘accept’ and ‘decline’ buttons on subscription alerts mid-action
- Showing notifications from phishing copies of popular websites
- Showing fraudulent subscribe pop-ups on websites
After gaining user’s consent, attackers start bombarding them with messages. The least harmful (and yet the most popular) options are clickbait ads on sensitive social topics, while others include scam notifications – like lottery wins, offers of money in exchange for completing a survey or something similar. Schemes that are more sophisticated are targeted at milking money out of users using phishing techniques.
A common scheme uses messages disguised as system notifications, such as virus infection alerts. These redirect users to phishing copies of trusted websites and then prompt users to download various paid “PC cleaning” utilities. However, the potential of push notifications being used for such scams is not limited to just that.
“We have seen a rise in push notifications being abused, as attackers continue to creatively adapt new technologies in order to trick users. Because this feature is so widespread and easy to take advantage of through social engineering schemes, we have seen a rapid growth in the number of affected users. Push notifications are a very useful tool for users that help them stay on top of important things that interest them. Yet, as with anything on the internet, users have to remain attentive and cautious when interacting with pop-ups and only allow push notifications if they are completely sure the alerts are useful and come from trusted sources,” said Artemy Ovchinnikov, security researcher at Kaspersky.
To avoid receiving annoying notifications or scam ads, users can follow a few simple recommendations:
- Where possible, block all subscription offers, unless they come from popular and trusted websites. Remain vigilant to ensure you are not redirected to a fake website.
- If unable to avoid an unwanted subscription, block it in the browser settings.
- Start using a reliable security solution, like Kaspersky Security Cloud, that blocks ad and scam push subscription offers in browsers, can delete subscriptions that have already been approved, and has an anti-phishing feature.
Read more on the topic in the Kaspersky Unwanted notifications report on Securelist.
Hi-tech reinvents the massage
Virtual reality is invading the world of health and beauty – or is the other way round? ARTHUR GOLDSTUCK discovers a new role for VR through the ancient art of massage.
Imagine you are sitting at your office desk, stretched by deadlines and stressed by office politics. A minute later, you are sitting on a idyllic beach, watching the sunset, and someone is gently massaging your neck.
That’s probably a common fantasy, but now it is also a reality, thanks to the next big step in massage therapy. The ancient art is being transformed by virtual reality (VR), with massage clinics and therapists the world over discovering the transformative power of the technology.
In South Africa, the revolution is led by a company called Sheer Bliss, which works in the corporate space, mainly visiting company offices and call centres. The massage is quick – typically 6 minutes – but the combination of working the most stressed muscles and offering a brief escape to a beach paradise amplifies the experience.
Massage therapy goes back in history several thousand years, first as a sacred form of natural healing in India and later to pamper royals and the rich in ancient Egypt. These days, it is democratised, at least if you can afford it. But thanks to VR, it can now become a mass market experience. Sheer Bliss conducts an average of 27,000 massages a year, with teams in Johannesburg, Cape Town and KZN. Its mobile massage concept means it can also cater for conferences and large sporting events.
However, it’s not so much a case of VR saving the massage industry, as massage giving VR a boost, by providing a wonderful use case for its practical application.
“We needed to find something new to offer our customers,” says Nadine Hocter, founder of Sheer Bliss. “At the same time, we were looking at a way to future-proof the business. I was really lucky in that a group of MBA students at GIBS were given Sheer Bliss for their innovation project.
“We spoke about various ways of making our original massage more immersive. VR was mentioned, but it was in a meeting with a client who wasn’t biting that we sold the idea. Without realising it at the time, our business moved into a class encompassing the 4th Industrial Revolution.”
Visit the next page to more about how Sheer Bliss became the first virtual reality massage therapy business in South Africa.
Drones fight forest fires
The South African forest fire season began a month ago, and an estimated 20807 hectares of land were burnt in the Western Cape.
With such rampant and regular breakouts of forest fires, the quest to contain them before they cause widespread destruction, including property damage and loss of life, remains an issue of high importance for non-governmental organisations and the relevant government agencies. Equally important is the need to safeguard against the loss of the lives of firefighters during missions to contain these blazes.
As this continues being an issue, mainly because of the dense vegetation found in the Western Cape, coupled with the dry weather that is typical for this time of the year, the need to use unmanned aircraft to fight fires is ever increasing.
Drones are particularly crucial for forest fires that tend to get out of control quickly and that put both pilots and crew at risk. There’s only a small containment window between when the fire starts and when it gets out of control. Drones give firefighters a bird’s eye view of the terrain and helps them determine where the fire moves next so they can swiftly make decisions about where crews should go and who should be evacuated.
If you’re a firefighter responsible for forest fire response, mitigation and rescue, the benefits of drones are immense. We’ve detailed the main 4 benefits with supplemental stories below.
1. Drones Gather Situational Awareness in a Short Time
A drone helps you decide within minutes the type and amount of resources to send to the scene. Some drones are also equipped with thermal sensors, which uses infrared radiation to help first responders locate heat signatures of humans and fire hotspots that show where fires are most likely to spread. Even before your personnel arrive on the scene, commanders are able to make decisions just from these images live-streamed to their computers.
In early December whilst fighting a blaze, SanParks made use of a DJI drone with an infrared camera to capture images of the Rocklands fire in Simonstown.
In a similar incident in the German town of Hechingen, firefighters had to fight against winds that were spreading to nearby wooded and populated areas. The creeks had dried out while the first fire truck that arrived carried only 2,000 liters of water.
Hechingen’s Fire Brigade deployed DJI’s Matrice 210 ruggedised commercial grade drone, a Zenmuse XT thermal camera, and an X4S high definition visual imaging camera. These fed information to the incident commanders and helped them know where to direct their resources, how many units to send and where to increase water supply. At the end, the crew extinguished the blaze with only 5,000 liters of water mixed with compressed air foam. The drones not only helped them save water but more importantly hastened reaction time helping the Brigade send crews faster to the scene with the exact manpower, units and supplies.
“The biggest advantage came to light during the search for hotspots and extinguishing them,” Hechingen’s Fire Chief Commander Bulach later told DJI, “The simultaneous deployment of the XT and X4S provided me with exact information about where to delete the hotspots and how long until we reached a safe state.”
2. Drones Protect Your Personnel
Drones help you monitor your crew to make sure you’re sending them in the right direction, that they’re safe and to help you determine whether to send backup forces.
On 13 August 2017, Yosemite firefighters battled a 9-day blaze in Southfork, California, that was complicated by weakened timber trees in the nearby region. Flying planes in the tight canyons was dangerous due to a bellowing column of smoke. At the same time, an unexpected thunderstorm spread the fire, blurring the firefighters’ primary containment line and threatening to spread to nearby villages. The Yosemite fire-force used a DJI drone with the Zenmuse XT thermal payload in their pre-shift early morning hours to map fire lines and livestream information to controllers for operational decisions and situational awareness. Tony Eggiman, Menlo Park FPD Fire Captain recalled, “the operations major told me later it brought his blood pressure from about 200 down to about 100. He was really happy.”
With aerial intelligence captured by drones, incident commanders can make better-informed decisions that keep firefighters safe while they plunge into fire and other dangerous spots to save other peoples’ lives.
3. Drones Enable Fast Mapping for Incident Response as Well as for Post-Incident Recovery
Drone solutions for forest fire response typically carry two different cameras: a visual camera and a thermal camera. The visual camera gives you a real-time view of different situations, able to easily spot things such as your fire team or nearby equipment. The thermal camera scouts for heat signature of the human or fire hotspots.
Drones fly lower than helicopters, providing a more nuanced picture of the situation, and can navigate in tight or dangerous spaces where no helicopter pilot would dare to go. With thermal imaging capabilities, they can locate hotspots at a fire scene within seconds, and see people trapped even in areas of thick smoke.
Drones also play an important role after the fire has been put out. During the Carr Fire, crews piloted low-flying drones to capture 360-degree images of the destruction. For the residents forced out of their homes, this provided invaluable information on property damage to assess insurance claims in a faster time, letting victims more quickly take steps to rebuild their lives.
4. Drones Give you Accurate Intelligence for Informed Decision Making
Wildfires often involve large-scale operations where the incident commander must make decisions on personnel and resource deployment. Drones are effective intelligence generators that can capture detailed data and information from the field, and live stream back to the command centre. By having that real-time aerial view, you can see exactly what’s happening and don’t have to rely on second-hand information. You know what’s going on and where. You can also monitor your crew to see their location and that you’re sending them in the right direction.
Drones allowed firefighters of the Gaoming district, Foshan in South China to expertly evaluate 960 people when a fire broke out on Lingyun Mountain near the area, December 12, 2019.
The DJI Mavic 2 Enterprise Dual (M2ED) was flown out within minutes of the response team’s arrival at the incident for fast situational awareness. Two minutes later, the Matrice 210 V2 drone platform was launched, giving detailed information with its sensor’s 30 times zooming ability. The Mavic gave responders their quick incident overlook, while the Matrice provided detailed, high-resolution images for thorough situational awareness. The combination saved more lives, protected firefighters, and shaved firefighting costs.
As Los Angeles Fire Department (LAFD) Battalion Chief Richard Fields, program coordinator, told the Board of Fire Commissioners in a March 2019 report, “Timely and accurate communication is essential in getting the right resources in place to mitigate an incident.”
Drones have gained a foothold in the sphere of public safety and forward looking government agencies are expanding their use in areas including environmental services, public works, transportation and rescue services. Download DJI’s whitepaper to explore the Best Practices For Deploying Drones At State And Local Government Level.