Krebs on Security reported that there have been an increasing number of websites asking visitors to approve 'notifications'. In most cases these notifications are not malicious, but several firms are paying site owners to install notification scripts to sell to scammers.
Normally, a website will ask permission to send notifications (as long as you approve the request), which results in messages that pop up outside of your browser. Krebs lists an example, "Microsoft Windows systems they typically show up in the bottom right corner of the screen — just above the system clock. These so-called “push notifications” rely on an Internet standard designed to work similarly across different operating systems and web browsers."
Unfortunately many users do not know what they are signing up for to when notification are approved. It's also nearly impossible for a user to tell the difference between a notification sent by a website or one that is made to appear by another program that could be using this information against you.
For reference, here is what a general pop up looks like:
It's important to teach your users to be suspicious of any activity on their workstations, including allowing websites to show notifications. New-school security awareness training can ensure your users know how to stay alert and apply best practices in their day to day tasks.
Krebs has the full story.
