Renée Burton, Vice President of Threat Intel at Infoblox, recently shared her insights on the alarming trend of scammers exploiting push notifications to deliver scams, including fake gift cards and sweepstakes. According to Renée, when users visit websites that request permission to send notifications, they may unknowingly grant scammers a powerful tool. These cybercriminals take advantage of this by tricking users into accepting notifications, leading to misleading messages that redirect them to fraudulent content.
Renée’s investigation revealed that scammers often pose as trusted brands like Google or Walmart, sending alerts claiming a user’s account has been compromised or that they have won a gift card. Engaging with these notifications can result in users downloading harmful apps or providing personal information to malicious actors.
One prevalent scam observed by Renée is the gift card scam, where users are enticed with promises of substantial winnings, such as a $10,000 Walmart gift card. However, instead of receiving a prize, users are redirected through multiple domains to a fraudulent site. To claim the gift card, users are asked to provide personal details and complete endless surveys, falling victim to data collection schemes and never-ending ads.
Survey scams are also a common tactic used by scammers, as users are led to websites like reward-lockercom under the guise of winning a prize. These sites request personal information and require users to complete surveys, leading to additional advertisements and data harvesting without any actual reward.
Similarly, sweepstakes scams exploit users’ trust by advertising lucrative prizes on fraudulent sites like zippywinnercom. While users believe they have won big prizes, the reality is that the chances of winning are minimal. Instead, users are pushed into more surveys and deceptive schemes to extract personal information and generate ad revenue for scammers.
Renée’s research further unveiled that scammers utilize advanced techniques like domain cloaking and traffic distribution systems to evade detection and deliver varied content across compromised websites. Infoblox has observed these malicious activities on various platforms, emphasizing the extensive reach of push notification scams.
The impact of these scams goes beyond mere annoyance, as scammers harvest personal and financial information through misleading ads and phishing attempts. Renée’s research emphasizes the necessity for users to remain vigilant, avoid clicking on suspicious notifications, and refrain from sharing personal information in response to unsolicited alerts.
In conclusion, Renée’s findings shed light on the dangers of misused push notifications by cybercriminals, urging users to stay cautious and informed to protect themselves from falling victim to these pervasive scams.