Cookies, Push notifications, and clickable links

One aim of a "lightweight" web criminal is
to get you to click a link.
Its easy, cheap and can work for years without any effort on their part.

 

Why is clicking a link hazardous?

Clicking on a link can expose your computer to infection - and expose you to all kinds of scams. You should always check out a link to see if its safe.

I'll show you how to do this in a moment. But if you want to rush ahead, click here.

First lets look at two dialogs you often see when browsing: A "cookie acceptance" dialog - generally innocuous; and a "push notification" dialog which may not be.

Both of these will get you used to clicking "accept" - but you need to be wary of doing so.

  Cookies are (usually) safe  

cookies

Often a site you visit will not work - or not work smoothly - without cookies.

Cookies in themselves arent harmful, but they can expose your browsing habits - so perhaps let a company know what products you have been considering.

What is a cookie

A cookie is a tiny bit of information that gets stored on your device. Its too small to hold a virus. Websites use cookies to streamline your web experiences. Without cookies, you'd have to login again after you leave a site or rebuild your shopping cart if you accidentally close the page. Shopping sites use cookies to track items users previously viewed, allowing the sites to suggest other goods they might like and keep items in shopping carts while they continue shopping.

So many sites rely on cookies that often you will not be able to use the site until you have agreed to cookies via the "accept" button. It becomes a habit.

 Push notifications - often dangerous 

push request

 

By allowing a site to send notifications you are giving them permission to put any message or content they wish on your desktop at any time.

What is a notification

Push notifications are short messages that pop up on the user's mobile or desktop, nudging them to take some action. It comes from a site you have visited when you have given permission to send it. Sometimes this can be a reminder of an appointment, a delivery, a travel cancellation - or just be a reminder of a special offer.

Be suspicious - WHY does the company want to put messages on your screen at its own convenience?

You should only EVER allow them if you trust the site and WANT to get notifications from them. Fortunately they can only do this if you give them permission.

IMPORTANT: Allowing permission for a push notification is easy. There is presently NO easy way to withdraw that permission.

What harm can push notifications do?

In themselves they may just be a nuisance, popping up whenever you are browsing; but they can put misleading messages up that will worry you into taking action (such as clicking a link).. Here are two examples. The buttons (clean the computer, click here to fix the error, or in #2 "fix the problem") are all links, so you can check them as you see below. REMEMBER ANY part of the notification can be a link - even the X.

A push notification

push 1

Another push notification

push 2

Payment for a click!

Many advertising or selling sites will pay the "referrer" a small sum when they are visited. All they want is for you to read about (and possibly buy) their product. Because the bad guys can get money this way they have devised tricks to get you to visit pages you never intended to; this is "clickbait"

 Clickbait 

"Clickbait" is copy material specially designed to interest you and tempt you to click a link for "more information".

Here is an example - why would you want to put a rubber band around a door handle? A few seconds to see why wont hurt so we click on it.

The page you land on "21 Simple Home Repair Hacks To Save Your Time And Money" has some new features;
A LOT more "clickbait" links like this one; and a box asking to "allow notifications". (more later)

The title has already "primed" you for 21 clicks. The more you click the less cautious you become, until ..

you click on a link you really should not have clicked. This is where clickbait becomes more dangerous.

Bear this in mind;

a link that indicates it will take you to a safe (or seemingly innocuous) site may not do so.

 

How to check a link

HMRC Tax Returns Online <- this is a link

Rest your mouse cursor over the link above - DONT CLICK! This is called hovering. At the bottom left of your browser screen you will see some text telling you where the link will take you. Notice that the text does NOT say "HMRC etc" or anything remotely similar. This is a clue that the link may not be safe.

Try hovering over this link - would it be safe to click? What do you read in the text (bottom left of browser screen).

 

 

There is no obvious indication that this image is also a link, but if you hover your mouse over it you will see the link address in the bottom left of your browser window.

Now click on the image to see what happens.

It IS safe - its a test of your virus protection.

 Links to downloads 

A link can also trigger a download.

This is one way you can get useful programs for your PC; for example THIS PAGE will let you download a program that can check the health of your hard drive.

If you click the green button on that page to start the download ..

You should see a window like this

 

In this case its safe to save it - its a useful program.

However download links aren't always so obvious nor so innocent.

 

You should NEVER download and install a program unless you know its safe -
and if you think you do, check that the program you download is what you expected BEFORE you install it!