Phishing is the most popular and dangerous way of personal data stealing. However, one can protect oneself from it. How not to fall for a fake “bell” in push notifications?
Push notifications are a useful tool that allows recipients to be constantly up to date with offers, news, or novelties. They have gained popularity in almost all industries, from e-commerce to blogs. Unfortunately, they are also used to phishing. How to protect oneself from cyber criminals?
How does phishing work?
Phishing is the simplest yet most dangerous type of cyber attack. Phishing does not require particularly advanced technical knowledge. The weakest link in this case is a person who does not check precisely where emails or push notifications come from. The principle of operation is simple – it suffices to click on a fake link in a message and a recipient will be redirected to an infected website that requires logging in. Then all the data entered will be transferred to a hacker who can use it in different ways – make a transfer from our account, buy something online or take over a social media account.
How to detect a fraud attempt?
Although this may not be apparent, it is relatively simple to recognise phishing messages. E-mail addresses or sentences in the message content usually have spelling or stylistic mistakes. This is the result of poor translation from another language. Unlike real message, hackers do not give the recipient’s full name and surname – senders simply do not know who they are writing to, hoping that the addressee clicks on an attachment or link.
In the case of push notifications with a characteristic “bell” a user must give consent to receive messages from a browser or app. However, this is not a big problem for hackers. For example, they reverse the order of operation of the “accept” and “reject” buttons. Then, once a user’s consent is obtained, an attacker begins to bombard them with messages. Subscribers are displayed fake windows or copies of popular websites. The so-called clickbaits are very popular, which are intended to interest Internet users with the very headline, often with controversial content, and prompt them to click on the message.
Another way of phishing includes fake push notifications of lottery winnings. All one needs to do is to fill in a survey by providing one’s details. Scammers also use consumer confidence in their mobile devices – they can show a fake message about a missed call or indicate the need to log in to the social network again. In the latter case, one needs to pay attention to the design of the application or website’s URL.
How to protect oneself from cyber attacks?
A limited trust policy must be applied on the web. Very risky behaviours include e.g. impulsive clicking on links and downloading files from unknown sources. Even a notification from a courier company, when we don’t expect any parcel, can be an ordinary scam. The first line of defence against phishing is spam filtering. That’s why it is so important to have antivirus software.
Another protection method is an anti-phishing module, i.e. an antivirus component that checks pages visited by the user. Push notifications in the form of a bell are an extremely useful tool owing to which a recipient will not miss any relevant information. However, like all Internet tools, these can also fall victim to an attack. Before clicking on a link or popup, we need to be absolutely sure that the information comes from trusted sources. This applies to both downloaded mobile apps and clicking on even seemingly trusted links.