Cybersecurity Awareness Month began on 1 October 1 2025. To celebrate this, we have prepared a number of articles that we will be issuing over the coming month to raise awareness of different cyber-related topics that affect University of Staffordshire. You may also notice the desktop backgrounds and screens around the campus being updated to celebrate this, so keep an eye out.
Today’s article covers malicious browser notifications as, unfortunately, we have recently seen this affect a member of the university which led to bank details being given away. On university-managed devices (e.g. staff laptops, and PCs), we have disabled the ability to allow browser notifications for security reasons therefore, this article is aimed at protecting you on your personal devices.
What are browser notifications?
Browser notifications are messages that appear in the lower right-hand corner of your screen in a notification panel (and can even display when your browser is closed):
These are often enabled when you receive a 'Show Notifications' request and have chosen to select 'Allow':
What are fake browser notifications?
Many websites use the browser notification functionality for genuine purposes however, malicious websites (posing as legitimate ones) misuse this feature to display malicious content. Often, these notifications will include fake content that will claim that your device is infected with malware, and impersonate popular anti-virus vendors (e.g. McAfee, or Norton) to appear more legitimate at first glance.
Receiving such notifications (without any other indicators) does not necessarily mean that your device is infected with malware. They are hoping that people will panic and interact with the notification – please, do not interact, or click on the notification as the intention is to direct you to destinations which may attempt to download malware, or collect personal details (login credentials, or bank details). As a precaution, we always recommend that you install a reputable anti-virus software and perform regular scans to ensure that your device is clean. If you do get such a notification, we recommend going directly to your anti-virus notification to see if the threat is confirmed in there – run a full scan if necessary!
You can see which website is the source of the notification in the notification itself (ID: 1 in the above image).
How to block notifications in Chrome and Edge
Google Chrome
1) Open Chrome
a.Launch the Chrome browser on your desktop
2) Go to “Settings”
a. Click the three vertical dots (⋮) in the top-right corner
b. Select “Settings” from the dropdown menu
3) Navigate to “Site Settings”
a. Scroll down and click “Privacy and security”
b. Click “Site settings”
4) Navigate to “Notifications”
a. Under “Permissions”, click “Notifications”
5) Review the allowed sites
a. You’ll see a list of sites under “Allowed to send notifications”
b. Look for any suspicious, or unknown URLs (e.g. ones you do not remember approving)
6) Block or remove the offending URLs
a. Click the three vertical dots (⋮) next to the site name
b. Choose “Block” to stop notifications, or “Remove” to revoke permission entirely
7) Optional: Turn off all notifications
a. Toggle off “Sites can ask to send notifications”, and toggle on “Don’t allow sites to send notification” to prevent any future prompts (this is recommended from a security perspective)
Microsoft Edge
1) Open Edge
a. Launch the Edge browser from your desktop
2) Go to “Settings”
a. Click the three horizontal dots (⋯) in the top-right corner
b. Select “Settings” from the dropdown menu
3) Navigate to “Privacy, search, and services”
a. In the left-hand sidebar, click “Privacy, search, and services” from the top block of options
4) Find “Notifications” in the permissions menu
a .Select “Site permissions” from the menu
b. Select “All permissions”, then “Notifications”
5) Review the allowed sites
a. You’ll see a list of sites under “Allowed to send notifications”
b. Look for any suspicious, or unknown URLs (e.g. ones you do not remember approving)
6) Block or remove the offending URLs
a. Click the three vertical dots (⋮) next to the site name
b. Choose “Block” to stop notifications, or “Remove” to revoke permission entirely
7) Optional: Turn off all notifications
a. Toggle off “Ask before sending (recommended)” to stop sites from requesting notification access (this is recommended from a security perspective)
Mozilla Firefox
1) Open Firefox
a. Launch the Firefox browser from your desktop
2) Go to “Settings”
a. Click the three stacked horizontal lines (≡) in the top-right corner
b. Select “Settings” from the dropdown menu
3) Navigate to “Privacy & Security”
a. In the left-hand sidebar, click “Privacy & Security”
4) Find “Notifications” in the permissions menu
a. Locate “Notifications” from the “Permissions” menu section
b. Select “Settings…” on the right
5) Review the allowed sites
a. You’ll see a list of sites in the UI pop-up
b. Look for any suspicious, or unknown URLs (e.g. ones you do not remember approving)
6) Block or remove the offending URLs
a. Click on the “Web Site” name
b. Choose “Remove Web Site” to revoke permission entirely
7) Optional: Turn off all notifications
a. Toggle on “Block new requests asking to allow notifications” to stop sites from requesting notification access (this is recommended from a security perspective)
What do I do if I've clicked on a malicious notification?
Firstly, we would recommend disabling the notifications, as described above, and running a full system anti-virus scan using a reputable anti-virus software. If you have clicked a malicious notification, and entered any login credentials, then reset these immediately and ensure that Multifactor Authentication (MFA) is enabled on the account. If you have entered your personal financial details, please advise your bank immediately and, if you are at a financial loss, please advise Action Fraud.
If your university account, or university financial details are at risk, please report it immediately.
