Learn to Identify and Eliminate Phishing Notifications

Email may be the most common form of phishing, but it’s not the only one. Modern Web browsers support a technology that enables websites to display system-level notifications just like regular apps. These push notifications have good uses, such as letting frequently updated websites inform users of new headlines, changed discussion threads, and more.

Unfortunately, push notifications can be subverted for malicious purposes, notably phishing. Here’s what happens. You visit a website that asks you if you’d like to receive notifications.

That request may be introduced with language that implies you must agree in order to get desired content, or it may be a bald-faced request to show notifications. If you agree, the website will be able to display alarming or deceptive phishing notifications even when it’s not open.

The goal is to trick you into clicking the notification, which will load a fake site that attempts to get you to enter login credentials or credit card information to facilitate identity theft.

The danger of phishing notifications is that they come from the system, so they may seem more legitimate than email messages trying to sucker you into revealing personal information. Nevertheless, as you can see in the examples above, they may still look sketchy in ways reminiscent of phishing emails:

●     No legitimate website would use emoji or symbols in a notification, much less multiple ones.

●     Although there are no glaring spelling or grammar mistakes, the use of all caps in the top notification is a giveaway. Similarly, standard notifications wouldn’t use exclamation points.

●     The use of “Click here” is poor information design that’s unlikely to come from a professional programmer or Web designer.

Phishing notifications, although problematic, aren’t a malware infection, and anti-malware packages won’t detect or remove them. Luckily, they’re easy to control and block in Safari and other Web browsers.

Prevent Phishing Notifications

The easy way to ensure you don’t see phishing notifications is to allow only trusted websites to send notifications. In general, we recommend keeping that list small so you’re not frequently interrupted by unnecessary notifications.

If you’re unsure that you’ll be able to identify malicious websites, you can enable a browser setting that prohibits all websites from asking for permission to send notifications. In Safari, choose Safari > Settings > Websites > Notifications, and deselect “Allow websites to ask for permission to send notifications” at the bottom.

Other browsers have similar options, and most will look like Google Chrome, as shown below:

●     Arc: Choose Arc > Settings > General > Notifications and select “Don’t allow sites to send notifications.”

●     Brave: Navigate to Brave > Settings > Privacy and Security > Site and Shield Settings > Notifications and select “Don’t allow sites to send notifications.”

●     Firefox: Go to Firefox > Settings > Privacy & Security > Notifications and select “Block new requests asking to allow notifications.”

●     Google Chrome: Navigate to Chrome > Settings > Privacy and Security > Site Settings > Notifications and select “Don’t allow sites to send notifications.”

●     Microsoft Edge: Choose Microsoft Edge > Settings > Cookies and Site Permissions > Notifications and turn off “Ask before sending.”

Browsers based on Chrome (everything except Firefox in the list above) offer a “Use quieter messaging” option that replaces the permission dialog with a bell icon next to the site name in the address bar—click it to allow notifications from that site.

Eliminating Phishing Notifications

Now you know how to prevent new sites from requesting permission to display notifications. What about sites that already have permission? It’s easy to block them in Safari’s Notifications settings screen. If you have any undesirable sites with Allow in the pop-up menu to the right of their name in the Notifications screen, choose Deny from that menu. You could remove the site instead, but that would allow it to ask for permission again.

Firefox’s interface is similar to Safari’s, but Chrome-based browsers have a different interface that separates the blocked and allowed sites. To block a website whose notifications you no longer want to receive, click the button to the right and choose Block. Again, you could remove undesirable sites if you prefer, but remember that if your notification settings ever change, doing so could allow the site to ask for permission once more.

Ultimately, it’s easy to avoid phishing notifications by paying attention as you browse the Web. Steer clear of websites that make an unexpected request to display notifications. Notifications aren’t necessary on hardly any websites, so there’s no harm in denying such requests unless you’re sure they’re legitimate.

(Featured image based on an original by iStock.com/tadamichi)

Social Media: Did you know that a phishing website can send you a notification right on your Mac? Learn how this could happen and how to prevent it in your favorite Web browser.

Adjust AirPods Options in the Settings App

If you sometimes have trouble configuring your AirPods, here’s the trick. The AirPods settings screen is available only when the AirPods are connected to your iPhone, so you must open their case or put them in your ears. Once you do that, a new item with the name of the AirPods appears at the top of the Settings app. Tap it to switch between Noise Cancellation and Transparency, configure what the press-and-hold action does, and start ear tip tests.

(Featured image by iStock.com/Vasily Makarov)

Social Media: Baffled about where the AirPods settings screen is hiding? To find it, start by opening their case or putting them in your ears, and then look for an option near the top of the iPhone Settings app.

Improve Privacy by Removing Metadata from Office Documents and PDFs

When we share data with others, we do so intentionally—a law firm sending a client legal documents, for instance. But those documents shouldn’t include ancillary information that might reveal other, more sensitive details. Because all digital files contain metadata—additional information about the file or its contents—it’s worth knowing what you could share inadvertently and learning how to avoid doing so.

Much metadata is innocuous, like file type and file size. However, some common file types contain additional metadata that can reveal information that you might not want to share. In this situation, the most common file types are Microsoft Office documents and PDF files. Let’s look at each and how you can see what metadata is there and remove it before sharing.

Cleaning Metadata from Microsoft Office Documents

Metadata that you might want to remove from Microsoft Office documents falls into two broad categories: reviewer information, like comments and tracked changes, and document properties.

The first thing to do when removing metadata is to use File > Save As to make a copy of your file and work on the copy. This automatically removes or resets some metadata and allows you to delete other metadata without worrying about losing it from your original.

If you use change tracking in Word or comments in any Office app, you may want to remove those before sharing a document to prevent recipients from seeing internal conversations or information about who worked on the document.

To remove change tracking and comments in Word, click Review in the toolbar. Next, click the arrow next to the Delete button in the comments section and choose Delete All Comments in Document. Finally, click the arrow next to Accept in the change tracking section and choose Accept All Changes and Stop Tracking. Browse through the document to make sure accepting

Excel and PowerPoint lack change tracking but let you add comments. Like Word, PowerPoint’s Review toolbar offers a similar menu associated with the Delete button; choose Delete All Comments in Presentation to clear the comments. In Excel, switch to the Review toolbar, choose Edit > Select All (comments can be deleted only from selected cells), and click the Delete button in the toolbar.

To see what metadata is in the document properties of a Word, Excel, or PowerPoint document, choose File > Properties, and look in the Summary, Statistics, and Custom tabs. Generally speaking, these won’t contain anything damning, but they may reveal information like the names of people associated with the document. Don’t assume there’s no metadata here just because you didn’t add anything manually—document control systems can add metadata you don’t expect.

The three Office apps offer different approaches to removing personal information in the Summary and Custom tabs, and the process is extremely different than in the Windows versions. (For Windows, refer to Microsoft’s instructions.) Here’s how you remove personal information:

Word:Choose Tools > Protect Document, and in the Password Protect dialog, select “Remove personal information from this file on save.” Save the document, and then

Excel: Choose Excel > Preferences > Security, and select the “Remove personal information from this file on save” checkbox. Then save the document and verify that the desired metadata is gone.

●     PowerPoint: PowerPoint appears to lack that checkbox, but you can choose File > Properties and manually delete all the information from the Summary and Custom tabs before saving the document.

Information in the Statistics tab is generally cleared or reset by using File > Save As, so you don’t need to do anything more to clear it.

If you’re truly concerned about not revealing additional information in shared Office documents, think about what might appear in headers and footers, footnotes, text that’s white (and thus invisible), hyperlinks, and macros. Finally, remember that you can hide text in Word, columns and rows in Excel, and slides in PowerPoint—that hidden content may reveal sensitive information if it’s allowed to remain in a shared document. In PowerPoint, you may also want to check for presenter notes you don’t want to share; choose View > Notes.

Cleaning Metadata from PDFs

Another way to remove a great deal of metadata from Office documents is to share a PDF of the document instead. By “printing” to PDF, anything that’s invisible automatically disappears. However, PDFs have their own metadata that you might want to review and remove. How you go about it depends on which apps you have available: Adobe Acrobat Pro or just Apple’s bundled Preview.

First, to view metadata in Acrobat Pro, choose File > Properties and click the Description tab (left). In Preview, choose Tools > Show Inspector and click the leftmost General Info tab (right).

Adobe Acrobat Pro provides several tools for redacting content (replacing it with a black box) and removing hidden content and metadata. To access them, click the Tools tab at the top of the screen and click Redact to display a pair of buttons on the secondary toolbar. Redact Text & Images lets you redact content, but you’ll most likely want to use Sanitize Document, which removes metadata and a boatload of possible hidden data.

It’s easiest to click Remove All, but you might prefer to click Selectively Remove and look at what Acrobat Pro finds before clicking the Remove button in the Hidden Information tab.

For those who rely on Preview for working with PDFs, there’s a simple process for removing metadata and anything else lurking in a PDF that’s good enough for most situations.

Choose File > Print, and then choose Save As PDF from the pop-up PDF menu at the bottom of the Print dialog. This may seem counterintuitive, but as with any other document type, printing in this way creates a PDF that contains only the visible information in the original, ensuring that all hidden data and metadata are removed.

Although all Mac users have Preview, there is another common option for removing metadata from PDFs—online tools. They’re easily found, but we urge caution. If you’re concerned about the recipient of your PDF being able to see metadata or hidden content, why would you trust a free online service with that information? If you want to head down this path, stick with sites headquartered in the European Union, which has stronger privacy regulations than other parts of the world. For instance, Metadata2Go, which displays all the metadata in a file, is in Germany, and Sejda, whose Edit PDF Metadata tool can remove all metadata, is based in the Netherlands.

One last thought. If you’ve gotten to this point and are thinking that you need an enterprise-wide solution to removing metadata, look for services like Adarsus’s MetaClean, which can automatically remove metadata from files sent as email attachments or stored on file servers.

(Featured image by iStock.com/Imilian)

Social Media: You want to share a file, but you don’t want to share details it may have picked up while under construction—who worked on it and when, tracked changes, hidden text, and more. Find out how to remove private metadata from Office documents and PDFs.