Scambusters
menu icon
search icon
×

Fake Push Notifications: Don't Take the Bait!

fake push notification

Is That Phone Alert Real? Tips to Tell the Difference: Scambusters #1,201

Your phone buzzes with what seems like an urgent message, maybe about your bank, a delivery, or security. It feels important and tapping it seems safe. But scammers now use push notifications to send fake alerts that aim to steal your information or access your accounts.

Understanding how these fake messages work can help keep you safe from becoming their next target.

Fake Push Notifications: Don't Take the Bait!

Push notifications are short messages that appear on your device's screen. They come from an app or website, and you typically need to agree to receive them. They provide important updates, such as breaking news, social media alerts, or flight changes, without requiring you to open the app.

Legitimate organizations use push notifications for various helpful reasons.

  • News outlets send alerts for breaking news.
  • Reminders in calendar apps alert you to upcoming appointments.
  • Social media apps like Instagram or Facebook notify you of new messages or comments.
  • Retailers might alert you to a flash sale or when an item has shipped.
  • Banks use them for transaction confirmations or two-factor authentication (2FA) requests.

How Are Push Notifications Sent?

To receive push notifications from an app or website, you need to give permission first. When you install a new app or visit a website for the first time, you will often see a pop-up asking if you want to allow notifications. If you say yes, the app or website will register your device with a push notification service. This service then delivers notifications from the sender to your device.

How Scammers Exploit Push Notifications

Scammers send fake push notifications that seem to come from trusted sources, like your bank, a social media site, or a government agency. They want to make you feel rushed or scared so that you take action quickly.

More Scam Reports:  3 New Nigerian Scams Uncovered -- Plus a Personal Family Identity Theft Scare

These fake alerts often contain alarming messages, such as:

  • "Your account is not secure. Click here to fix it."
  • "We see unusual activity in your bank account. Please verify your identity now."
  • "You have won a prize! Click here to claim it."

When you click on the notification, it may take you to a phishing website that tries to steal your login details, financial information, or other personal data. In some cases, clicking the link might also download malware onto your device.

A common trick used by scammers is push notification bombing, also known as MFA fatigue. In this situation, a scammer who has both your username and password sends many login requests to your device. This results in a flood of push notifications for two-factor authentication. The scammer hopes you will become annoyed and accidentally approve one of the requests, which gives them access to your account.

Can Two-Factor Authentication (2FA) Notifications Be Scams?

Even two-factor authentication (2FA) notifications can be part of a scam. If you get a 2FA push notification for a login that you did not start, this is a big warning sign. A scammer is likely trying to access your account. If you approve the request, you will give them access.

Red Flags of a Fake Push Notification

It's often hard to tell if a notification is real or fake. However, you can look for some warning signs:

  • Be cautious if you get an unexpected alert, like a security notice or a prize notification. It’s important to question these messages.
  • Scammers often use alarming words like "URGENT," "ACTION REQUIRED," or "WARNING" to create panic. Real companies usually maintain a more professional tone.
  • If you receive a message that starts with "Dear User" instead of your name, it might be a fake.
  • Be careful of fake notifications. They often have spelling and grammar mistakes, like typos or awkward wording.
  • Check links carefully before clicking a link, hover over it to see where it goes. If the URL looks odd or doesn't match the person or source who sent it, avoid clicking it.
More Scam Reports:  Warnings on Fake Home Inspections, Home Working Scams and Baby Photo Tricksters

A Real-World Example: The "System Update" Scam

A common scam is a fake push notification that says your device needs an urgent system update. This notification may look official, using logos from well-known tech companies. The message will urge you to click a link to download and install the update right away to protect your device from a new threat.

Beware! The link goes to a harmful website. If you download the "update," you are actually installing malware. This malware can steal your data, lock your files for ransom, or give scammers control of your device.

How to Protect Yourself from Push Notification Scams

To protect yourself, stay alert and practice good security habits.

  • Only allow notifications from apps and websites you trust. If you are unsure, it’s better to decline the request. You can always change this setting later.
  • Think before you click. If a notification looks suspicious, don't click on it. Instead, go directly to the app or website to check for real alerts.
  • Use strong, unique passwords. Make sure to use a different password for each account. This helps stop a scammer who knows one password from getting into your other accounts.
  • Check your notification settings. Regularly look at your phone and browser settings to see which apps and websites can send you notifications. If you find any that you don't recognize or no longer use, turn off their permissions.
  • Turn on Multi-Factor Authentication (MFA) for all your important accounts. Be cautious of MFA fatigue attacks. Only approve login requests that you started.

What to Do If You Receive a Fake Notification

If you think you got a fake push notification, take these steps:

  • Do Not Click! Do not tap or click on the notification or any links within it.
  • Dismiss the Notification! Swipe it away to clear it from your screen.
  • Block the Sender! Go into your device's notification settings and block the app or website that sent it.
  • Report the Scam! If the notification impersonates a specific company, report it to that company. You can also report phishing attempts to authorities like the Federal Trade Commission (FTC).
  • Run a Security Scan! If you accidentally clicked the notification, run a malware scan on your device immediately.
More Scam Reports:  How to Remove Name Details and Other Personal Info Online

Conclusion

Push notifications can be helpful, but they can also be a way for scammers to reach you. To protect yourself, learn how to recognize their tricks and identify warning signs. Be careful with alerts that come unexpectedly, especially those that push you to act quickly.

Keeping a healthy skepticism and taking steps to secure your digital information is your best defense against these scams.

Remember, Stay Alert and Stay Informed!

«