Threat Intelligence Directory
Malware

Malicious Browser Notification Hijacking

Attack Trigger

Deceptive "click Allow to verify you are human" prompt grants persistent notification permissions

What Attackers Want

Malware installation or credential phishing via persistent desktop notifications

How This Attack Works

Users are tricked into clicking "Allow" on browser notification permission prompts disguised as CAPTCHA verifications, age checks, or video loading gates. Once granted, the attacker sends a continuous stream of fake virus warnings, prize notifications, and phishing links directly to the victim's desktop even when the browser is closed, until permissions are manually revoked.

Red Flags to Watch For

  • A website prompts you to click "Allow notifications" before showing any content
  • Pop-up is styled to look like a CAPTCHA or age verification rather than a notification opt-in
  • Notifications appear even when your browser is not visibly open
  • Notification content claims your computer is infected or you have won a prize
  • Notification links go to domains you do not recognize
  • Multiple notifications arrive in rapid succession from the same source

Known Malicious Domains

These domains have been associated with this attack. Never click links going to these addresses.

  • allow-notifications-now.comMALICIOUS
  • click-allow-to-continue.netMALICIOUS
  • push-notify-enable.comMALICIOUS
  • news-alerts-subscribe.netMALICIOUS

Glance automatically blocks emails from domains on this list. Domain list is not exhaustive — attackers register new domains continuously.

How Glance Stops This

  • Domain similarity analysis catches lookalike sender addresses at millisecond speed
  • SPF / DKIM / DMARC validation flags authentication failures before you ever see the email
  • VirusTotal + Google Safe Browsing checks every link in real time
  • Urgency language detection scores the email higher for manual review
  • Known malicious domain blocklist updated continuously from live scan data

Don't wait to get hit.

Glance scans every incoming email against 12 detection layers — including the exact tactics described above — before it reaches your inbox.

Protect My Inbox — Free

Similar Threats

Malware

Rogue Antivirus / Tech Support Pop-Up Scam

Medium
Malware

Tech Support Scam — Remote Access Fraud

Medium
View all threat profiles