Browser push notifications

How to stop fake System notifications on macOS

Scammers are abusing an Apple feature that allows websites to create push notifications that look like they’re coming from macOS, or apps. The notifications try to scare users into clicking a link with fake virus alerts or messages saying their account has been hacked.

Years ago we warned our readers about the introduction of browser push notifications because we felt they were a feature waiting to be abused. At the time we focused on Windows users, but recently we are seeing examples of macOS users being plagued by this pest.

Gmail alert: Account has been.. Your data may be stolen. Fake alert by unnamed website
Your iCloud has been hacked notification by "ASK YOU"

As Apple proudly announced:

Use the Apple Push Notifications Service to send notifications to your website users, right on their Mac desktop — even when Safari isn’t running. Safari Push Notifications work just like push notifications for apps. They display your website icon and notification text, which users can click to go right to your website.

Do you see the problems?

  • “Even when Safari isn’t running.” So how are users supposed to know where the notifications are coming from?
  • “Work just like push notifications for apps.” My point exactly. How can we distinguish them from actual system notifications?
  • “They display your website icon.” Website icons are controlled by the website owner, so they can used the system settings icon for their website, making their notifications look like system notifications.
The Websites section in Safari settings shows a website that uses the macOS System Settings icon
The Websites section in Safari settings shows a website that uses the macOS System Settings icon

These settings can appear in Safari Settings or System Settings, and you can remove them by following the instructions below.

Application Notifications

Open your Apple System Settings and then select the Notifications tab along the left.

Scroll down the list under Application Notifications and look for any websites that have permission to send you notifications. The entry may have a name designed to mislead you, such as “ask you” or “Notifications”.

Under each item you will be able to see what type of notification permissions it has. To stop these, just click on the entry and turn off the slider at the top which will disable notifications for this item.

Applications notifications section with "ask you" highlighted
A website listed under Application Notifications with a misleading name and icon

Safari Settings

In the Safari app on your Mac, choose Safari and click Settings. Click Websites, then click Notifications.

Scroll through the list of websites and look for websites that don’t want to receive notifications from. Anything that shows Allow can send you messages, so switch them to Deny if you do not want to see their messages.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.