Email may be the most common form of scams and phishing, but it’s not the only one. If you use your Mac regularly, you are probably familiar with the notification banners in the upper right corner of your screen. When legitimate, these can alert you to new emails, new text messages, breaking news, reminders that you have set, and more. Any app or website can send notifications here if you allow it. Website push notifications have real uses, such as alerting users to new headlines, social media posts, and more.
Unfortunately, push notifications can also be used for malicious purposes, notably phishing and scams. You visit a website that asks you if you’d like to receive notifications and then you see this:
If you click Allow, the website will be able to send any messages it wants to, and those messages could be scams.
The Quick Fix
I recommend reading through the rest of this article to learn how to prevent them and how to fine-tune the notifications, but if you just need them to stop, this should do it. Control-click or right-click one of the banners when it pops up and choose “Turn Off”. Be aware that if the notification is coming from a browser that isn’t Safari (Chrome, Firefox, Brave, etc.), this may turn off all notifications from all websites in that browser, which might be more scorched-earth than you would like. And if you have allowed notifications from several websites, you may have to do this multiple times.
What are these and how do I identify them?
The goal is to trick you into clicking the notification, which will load a fake site that attempts to get you to enter login credentials or credit card information, potentially stealing your passwords and/or identity.
The danger of phishing notifications is that they are notifications, so they may seem more legitimate than email messages trying to sucker you into revealing personal information. Nevertheless, as you can see in the examples above, they may still look sketchy in ways reminiscent of phishing emails:
- Legitimate websites rarely use emoji or symbols in a notification, much less multiple ones.
- Although there are no glaring spelling or grammar mistakes, the use of all caps in the top notification is a giveaway. Similarly, standard notifications wouldn’t use exclamation points.
- The use of “Click here” is poor information design that’s unlikely to come from a professional programmer or Web designer.
Phishing notifications, although problematic, aren’t an infection. Anti-malware packages won’t detect or remove them because they use proper system tools and you have opted into receiving them. Luckily, they’re easy to control and block in Safari and other Web browsers. The problem is knowing which app they are coming from, because they could be from any web browser on your computer.
Prevent Phishing Notifications
The easy way to ensure you don’t see phishing notifications is to allow only trusted websites to send notifications. In general, I recommend keeping that list small so you’re not frequently interrupted by unnecessary notifications.
If you’re unsure that you’ll be able to identify malicious websites, you can enable a Safari setting that prohibits all websites from asking for permission to send notifications. In Safari, choose Safari > Settings > Websites > Notifications, and deselect “Allow websites to ask for permission to send notifications” at the bottom. But of course, this only helps if you use Safari.
Other browsers have similar options, and most will look like Google Chrome, as shown below:
- Arc: Choose Arc > Settings > General > Notifications and select “Don’t allow sites to send notifications.”
- Brave: Navigate to Brave > Settings > Privacy and Security > Site and Shield Settings > Notifications and select “Don’t allow sites to send notifications.”
- Firefox: Go to Firefox > Settings > Privacy & Security > Notifications and select “Block new requests asking to allow notifications.”
- Google Chrome: Navigate to Chrome > Settings > Privacy and Security > Site Settings > Notifications and select “Don’t allow sites to send notifications.”
- Microsoft Edge: Choose Microsoft Edge > Settings > Cookies and Site Permissions > Notifications and turn off “Ask before sending.”
Browsers based on Chrome (everything except Firefox in the list above) offer a “Use quieter messaging” option that replaces the permission dialog with a bell icon next to the site name in the address bar—click it to allow notifications from that site.
Removing Phishing Notifications
Now you know how to prevent new sites from requesting permission to display notifications. What about sites that already have permission? It’s easy to block them in Safari’s Notifications settings screen. If you have any undesirable sites with Allow in the pop-up menu to the right of their name in the Notifications screen, choose Deny from that menu. You could remove the site instead, but that would allow it to ask for permission should you visit it again.
Firefox’s interface is similar to Safari’s, but Chrome-based browsers have a different interface that separates the blocked and allowed sites. To block a website whose notifications you no longer want to receive, click the three-dot button to the right and choose Block. Again, you could remove undesirable sites if you prefer, but remember that if your notification settings ever change, doing so could allow the site to ask for permission once more.
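To review the same allowed and blocked lists outside the settings screen, the following added example (not part of the original article) reads a Chrome profile's `Preferences` file and lists the sites currently allowed to send notifications. It assumes the default macOS profile path and that per-site notification permissions are stored under `profile.content_settings.exceptions.notifications`; the sample data is constructed, and the script only reads the file.

```python
import json
from pathlib import Path

# Assumed default location of Chrome's first profile on macOS.
DEFAULT_PREFS = (Path.home() / "Library/Application Support/Google/Chrome"
                 / "Default/Preferences")

# Chrome's content-setting values for a site permission.
SETTINGS = {1: "allow", 2: "block", 3: "ask"}


def notification_permissions(prefs: dict) -> dict:
    """Map each site origin to 'allow', 'block' or 'ask' for notifications."""
    exceptions = (prefs.get("profile", {})
                       .get("content_settings", {})
                       .get("exceptions", {})
                       .get("notifications", {}))
    result = {}
    for pattern, entry in exceptions.items():
        # Keys look like "https://site.example:443,*"; keep the primary pattern.
        origin = pattern.split(",", 1)[0]
        result[origin] = SETTINGS.get(entry.get("setting"), "unknown")
    return result


def allowed_sites(prefs: dict) -> list:
    """Return the sorted origins that may currently send notifications."""
    perms = notification_permissions(prefs)
    return sorted(site for site, state in perms.items() if state == "allow")


def load_prefs(path: Path = DEFAULT_PREFS) -> dict:
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


# Constructed sample mirroring the structure of a Preferences file.
SAMPLE_PREFS = json.loads("""
{"profile": {"content_settings": {"exceptions": {"notifications": {
  "https://news.example:443,*": {"last_modified": "13350000000000000", "setting": 1},
  "https://prize-alerts.example:443,*": {"last_modified": "13350000000000001", "setting": 1},
  "https://ads.example:443,*": {"last_modified": "13350000000000002", "setting": 2}
}}}}}
""")

if __name__ == "__main__":
    prefs = load_prefs() if DEFAULT_PREFS.exists() else SAMPLE_PREFS
    for site in allowed_sites(prefs):
        print("ALLOWED:", site)
```

Any site in the output that you don't recognize is a candidate for Block in the browser's Notifications settings, as described above.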
If you are using macOS Ventura or later, the other place you will need to check is the System Settings app. Go to the Apple menu > System Settings > Notifications (if you see System Preferences instead, you are on older system software and don’t need to continue with this step). Browse through the list of all apps and Safari websites that have requested access to the notification center. Entries that come from websites have the Safari compass icon next to them, along with the website address. Right-click or Control-click any items you want to remove and choose “Reset Notifications” from the pop-up menu. Or you can click the entry and turn the slider off to disable notifications.
Ultimately, it’s easy to avoid phishing notifications by paying attention as you browse the Web. Steer clear of websites that make an unexpected request to display notifications. Notifications aren’t necessary for any website to function, so there’s no harm in denying such requests unless you’re sure they’re legitimate.
(Featured image based on an original by iStock.com/tadamichi)