Have you randomly encountered a notification that says, "Click allow if you are not a robot" while browsing a website? The webpage may also display a small pop-up in the top-left corner requesting your consent to receive notifications from the site. It's a trick cybercriminals use to convince you to subscribe to push notifications and then target you with malicious ads.

What is the purpose of these pop-up notifications? Do they pose a threat to your privacy? And what can you do to get rid of them?

An Overview of “Click Allow if You Are Not a Robot” Pop-Up Notification

Robot With a Checkmark Saying I Am Not a Robot

Most websites, especially those protected by Cloudflare or similar services, require users to solve a captcha to verify their identity. It's a good step to reduce bot traffic and save the website from attacks, but some fraudsters use such verifications to entrap victims. A typical example of such a trap is the fake "Click allow if you are not a robot" pop-up notification.

These pop-up scams involve tricksters setting up fake verification pop-up notifications on different web pages. When users land on these pages, a verification pop-up appears and directs them to follow the instructions added by the cybercriminals. The scammers try to trick victims into believing that the pop-up is just another captcha pop-up.

In reality, they lure their victims into clicking the Allow button, which, when clicked, enables push notifications from that site. By clicking Allow, victims permit the scammer's website to send notifications via their browser. Following that, scammers use push notifications to harm their victims. But how could such notifications harm you?

How Scammers Harm Victims With Push Notifications

Receiving a Push Notification on Windows Device

When victims enable push notifications on a website, pop-up ads appear randomly on their screens. These notifications are clickable and designed to entice users to click them. With these push notifications, scammers can deceive and direct their victims to whatever they want.

They may direct you to a sketchy offer where they have set up additional traps, take you to content you won't like, or a website that automatically downloads malicious software when you land there. When clicked, these notifications can even trigger malicious scripts that compromise your security by hacking your browser or device.

Since the notifications are clickable, even a misclick can misdirect you and cause unavoidable damage. Thus, you must distinguish fake verification pop-ups from real ones and avoid allowing malicious websites to send you notifications. How exactly can you accomplish this?

How to Spot the Fake Verification Pop-Ups

A Hook Fetching Login Details From a Laptop

Here are some tips to help you spot fake verification pop-ups, distinguish them from the real ones, and avoid granting permission to scammers to send you malicious notifications:

  • Usually, when you land on an authentic captcha verification pop-up, the captcha verification window opens immediately. Conversely, the fake ones pop up while you're reading the content you've already accessed.
  • A fake verification page usually displays a pop-up to enable notifications in the top-left corner of the same webpage. In contrast, an actual captcha verification page would not show one.
  • Usually, fake verification pages do not have SSL certificates installed. It's another sign that something is amiss.
  • Users who solve a fake captcha are redirected to a sketchy site. Real ones will keep you on the same site and show you the content you're looking for.
  • Real verification pages never ask for confidential information; they just ask you to solve the captcha. If you are asked for critical information, it's a scam.

Hopefully, the above tips will help you identify fake verification pop-ups and avoid compromising your device. However, what if you have mistakenly granted the website permission to send notifications?

How to Deal With Accidentally Enabled Notifications on Your Browser

If you have accidentally permitted a website to send you notifications by clicking on the pop-up, you should first block that website from sending you notifications in the future. To prevent Chrome from sending you further annoying notifications from this website, follow these steps,

  1. Click on three vertical dots in the top-right corner and select Settings.
  2. In the left sidebar, click Privacy and security.
  3. In the right pane, click Site settings.
  4. Under Permissions, click Notifications.
  5. In the Allowed to send notifications section, click the three vertical dots next to the website that is allowed to send notifications and click Remove.
    Removing a Website From Chrome's Notification Settings to Stop Receiving Notifications From It

In the same way, you can turn off annoying notifications on Firefox, Safari, and other browsers. After disabling notifications, check your browser for hijackers and remove them if necessary.

Doing this will ensure that the pop-up hasn't caused any harm other than enabling notifications on your browser. To be on the safe side, scan your device for malware to ensure it is malware-free.

In addition to the above:

  • Scammers might have access to the passwords you've saved in your web browser. Therefore, you should change them.
  • Check your browser extensions and remove any notorious extensions you don't remember adding.
  • Check the security settings of your browser and reset it if you see any suspicious changes.
  • Change the password of Google, Microsoft, or any other account logged into the browser where you gave access by mistake.

Hopefully, the above tips will minimize the risk of cybercriminals further exploiting information they may have retrieved from your browser already.

How to Avoid Receiving Fake Pop-Ups

To prevent receiving such fake pop-ups in the future, you must take some precautions ahead of time. First, you should enable a pop-up blocker on your browser to prevent pop-ups from showing up. Most web browsers have a built-in feature for this, so refer to your browser's documentation for directions.

Furthermore, install a reliable security extension on your browser that regularly scans your browser for hijackers and removes them. Along with that, make sure you follow these tips:

  • Don't visit websites that do not have SSL encryption.
  • Avoid visiting web pages that are full of advertisements.
  • Double-check the verification captchas to make sure they're not just a trap.
  • Do not click on banners and offers that appear too good to be true.

Don't Fall for the Fake Verification Pop-Ups

Scammers are very good at mimicking verification captchas and making them look natural. Hopefully, our article will help you understand how these fake verification pop-up scams work and avoid falling for them. Furthermore, spread the word about this scam to protect your loved ones.