Sunday, November 29, 2020

Why you should be picky about allowing website notifications

Most websites run on advertisement income. And websites have the ability to create connections to your own computer from other Internet nodes through links, clickable images and push notifications that serve up ads or other content.  

Be wary of which sites you allow to send push notifications to your computer because these can also be used by nefarious entities to deliver fraudulent notifications. Fake notifications can serve up scareware that prompts you to install software to correct a "security risk" or click links to malicious websites that then deliver dangerous payloads to your computer.

Here is an example of an Adweek request, prompting to allow or block notifications:


The top level domain that delivered this prompt is adweek.com, as is visible in the URL.  

If I select Allow, my computer would then be able to receive connections directly from adweek.com servers, completely outside of my browser, and with blanket permission to allow these external connections to my Windows or Mac desktop at any time. 

Another problem that arises from allowing notifications is the potential difficulty you may have in discerning a legitimate notification (generated by your operating system) from a third-party notification. 

For many years it's been a security habit of mine to choose Block on every such request. You can change your selection for each request—depending upon how much you trust the notification delivery domain—or you can configure your web browser to block all such requests. 

To learn how to manage these settings on your preferred browser, use a search engine like Google to query, for example, "Chrome turn off notifications," or "Firefox block notifications." These settings can be applied to browsers on your smartphone as well.

Last week, Brian Krebs posted an article explaining why you should carefully consider whether to allow or block notifications when prompted. It is definitely worth a quick read. For more information, see "Be very sparing in allowing site notifications" at https://krebsonsecurity.com/2020/11/be-very-sparing-in-allowing-site-notifications/.


Saturday, November 14, 2020

Check out the new Google scam spotter online!

With the holiday shopping season already upon us, now is a good time to remind ourselves to be alert to online shopping scams and other ruses. 

Have you heard about Google's scam spotter website? Check it out at https://scamspotter.org/, and be sure to take the two-minute quiz to see how well you are at detecting a scam.

I love this site because the most pertinent information you need to know is presented visually, making it easy to comprehend regardless of your level of security knowledge. In less than 10 minutes you can learn how to detect scams in email (phishing), text messages (smishing) and phone calls (vishing). 

If you know someone who isn't security savvy or doesn't have time to devote to becoming a security expert, please share the scamspotter.org link with that person. This is an especially useful resource to share with your elderly loved ones, your kids or those who may be mentally challenged. 

Sample tip from scamspotter.org:



A note to my readers

This tip came from a monthly email newsletter produced by Rebecca Herold, aka The Privacy Professor. Every newsletter is a treasure trove of privacy and security tips. I recommend you give it a try!

For more information, or to subscribe, visit https://www.privacyguidance.com/.