{"id":8673,"date":"2023-07-03T16:01:50","date_gmt":"2023-07-03T20:01:50","guid":{"rendered":"https:\/\/tcn.tidbits.com\/?p=9931"},"modified":"2023-07-04T10:06:35","modified_gmt":"2023-07-04T14:06:35","slug":"learn-to-identify-and-eliminate-phishing-notifications-on-a-mac","status":"publish","type":"post","link":"https:\/\/www.macworks.com\/blog\/learn-to-identify-and-eliminate-phishing-notifications-on-a-mac\/","title":{"rendered":"Learn to Identify and Eliminate Phishing Notifications on a Mac"},"content":{"rendered":"<p>Email may be the most common form of phishing, but it\u2019s not the only one. Modern Web browsers support a technology that enables websites to display system-level notifications just like regular apps. These push notifications have good uses, such as letting frequently updated websites inform users of new headlines, changed discussion threads, and more.<\/p>\n<p>Unfortunately, push notifications can be subverted for malicious purposes, notably phishing. Here\u2019s what happens. You visit a website that asks you if you\u2019d like to receive notifications.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9917\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2023\/07\/learn-to-identify-and-eliminate-phishing-notifications.png\" alt=\"\" width=\"265\" height=\"287\" \/><\/p>\n<p>That request may be introduced with language that implies you must agree in order to get desired content, or it may be a bald-faced request to show notifications. If you agree, the website will be able to display alarming or deceptive phishing notifications even when it\u2019s not open.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9913\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2023\/07\/learn-to-identify-and-eliminate-phishing-notifications-1.png\" alt=\"\" width=\"316\" height=\"136\" \/><\/p>\n<p>The goal is to trick you into clicking the notification, which will load a fake site that attempts to get you to enter login credentials or credit card information to facilitate identity theft.<\/p>\n<p>The danger of phishing notifications is that they come from the system, so they may seem more legitimate than email messages trying to sucker you into revealing personal information. Nevertheless, as you can see in the examples above, they may still look sketchy in ways reminiscent of phishing emails:<\/p>\n<ul>\n<li>No legitimate website would use emoji or symbols in a notification, much less multiple ones.<\/li>\n<li>Although there are no glaring spelling or grammar mistakes, the use of all caps in the top notification is a giveaway. Similarly, standard notifications wouldn\u2019t use exclamation points.<\/li>\n<li>The use of \u201cClick here\u201d is poor information design that\u2019s unlikely to come from a professional programmer or Web designer.<\/li>\n<\/ul>\n<p>Phishing notifications, although problematic, aren\u2019t a malware infection, and anti-malware packages won\u2019t detect or remove them. Luckily, they\u2019re easy to control and block in Safari and other Web browsers.<\/p>\n<h3>Prevent Phishing Notifications<\/h3>\n<p>The easy way to ensure you don\u2019t see phishing notifications is to allow only trusted websites to send notifications. In general, we recommend keeping that list small so you\u2019re not frequently interrupted by unnecessary notifications.<\/p>\n<p>If you\u2019re unsure that you\u2019ll be able to identify malicious websites, you can enable a browser setting that prohibits all websites from asking for permission to send notifications. In Safari, choose Safari &gt; Settings &gt; Websites &gt; Notifications, and deselect \u201cAllow websites to ask for permission to send notifications\u201d at the bottom.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9916\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2023\/07\/learn-to-identify-and-eliminate-phishing-notifications-2.png\" alt=\"\" width=\"641\" height=\"432\" \/><\/p>\n<p>Other browsers have similar options, and most will look like Google Chrome, as shown below:<\/p>\n<ul>\n<li><b>Arc:<\/b> Choose Arc &gt; Settings &gt; General &gt; Notifications and select \u201cDon\u2019t allow sites to send notifications.\u201d<\/li>\n<li><b>Brave:<\/b> Navigate to Brave &gt; Settings &gt; Privacy and Security &gt; Site and Shield Settings &gt; Notifications and select \u201cDon\u2019t allow sites to send notifications.\u201d<\/li>\n<li><b>Firefox:<\/b> Go to Firefox &gt; Settings &gt; Privacy &amp; Security &gt; Notifications and select \u201cBlock new requests asking to allow notifications.\u201d<\/li>\n<li><b>Google Chrome:<\/b> Navigate to Chrome &gt; Settings &gt; Privacy and Security &gt; Site Settings &gt; Notifications and select \u201cDon\u2019t allow sites to send notifications.\u201d<\/li>\n<li><b>Microsoft Edge:<\/b> Choose Microsoft Edge &gt; Settings &gt; Cookies and Site Permissions &gt; Notifications and turn off \u201cAsk before sending.\u201d<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9910\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2023\/07\/learn-to-identify-and-eliminate-phishing-notifications-3.png\" alt=\"\" width=\"735\" height=\"334\" \/><\/p>\n<p>Browsers based on Chrome (everything except Firefox in the list above) offer a \u201cUse quieter messaging\u201d option that replaces the permission dialog with a bell icon next to the site name in the address bar\u2014click it to allow notifications from that site.<\/p>\n<h3>Eliminating Phishing Notifications<\/h3>\n<p>Now you know how to prevent new sites from requesting permission to display notifications. What about sites that already have permission? It\u2019s easy to block them in Safari\u2019s Notifications settings screen. If you have any undesirable sites with Allow in the pop-up menu to the right of their name in the Notifications screen, choose Deny from that menu. You could remove the site instead, but that would allow it to ask for permission again.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9915\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2023\/07\/learn-to-identify-and-eliminate-phishing-notifications-4.png\" alt=\"\" width=\"641\" height=\"436\" \/><\/p>\n<p>Firefox\u2019s interface is similar to Safari\u2019s, but Chrome-based browsers have a different interface that separates the blocked and allowed sites. To block a website whose notifications you no longer want to receive, click the button to the right and choose Block. Again, you could remove undesirable sites if you prefer, but remember that if your notification settings ever change, doing so could allow the site to ask for permission once more.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9909\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2023\/07\/learn-to-identify-and-eliminate-phishing-notifications-5.png\" alt=\"\" width=\"534\" height=\"328\" \/><\/p>\n<p>Ultimately, it\u2019s easy to avoid phishing notifications by paying attention as you browse the Web. Steer clear of websites that make an unexpected request to display notifications. Notifications aren\u2019t necessary on hardly any websites, so there\u2019s no harm in denying such requests unless you\u2019re sure they\u2019re legitimate.<\/p>\n<p>(Featured image based on an original by iStock.com\/tadamichi)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Email may be the most common form of phishing, but it\u2019s not the only one. Modern Web browsers support a technology that enables websites to display system-level notifications just like regular apps. These push notifications have good uses, such as letting frequently updated websites inform users of new headlines, changed discussion threads, and more. Unfortunately, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":8674,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,69,106,25,112,185],"tags":[],"class_list":["post-8673","post","type-post","status-publish","format-standard","has-post-thumbnail","category-apple","category-apple-consulting-ct","category-apple-support-ct","category-mac","category-mac-support-ct","category-mactech"],"_links":{"self":[{"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/posts\/8673","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/comments?post=8673"}],"version-history":[{"count":1,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/posts\/8673\/revisions"}],"predecessor-version":[{"id":8679,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/posts\/8673\/revisions\/8679"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/media\/8674"}],"wp:attachment":[{"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/media?parent=8673"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/categories?post=8673"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/tags?post=8673"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}