Looking for IT Support In Wichita? Call Us Now! (316) 788-1372

When Pop-Ups Pretend to Be Work Alerts

paul-bush
written by paul bush posted on September 5, 2025

We’ve seen a rise in tickets lately caused by a sneaky trick: malicious website notifications disguised as legitimate work alerts. These pop-ups often look like they’re coming from trusted tools (like SharePoint or HR portals), but in reality, they’re phishing scams designed to steal credentials or trick you into clicking dangerous links.

Phishing Campaign
Here’s how a malicious notification can look when disguised as a corporate alert — don’t fall for it, even if it seems work-related.

Why This Is Dangerous

Once you click Allow, these fake notifications can:

  • Flood your desktop with scam alerts.
  • Mimic system or application messages to lower your guard.
  • Trick you into clicking links that lead to phishing pages or malware.
  • Steal login credentials to your Microsoft 365, HR system, or other sensitive accounts.

Even if you don’t interact further, the nonstop alerts cause confusion and waste valuable time.

Red Flags to Watch For

Red Flag Why It’s Suspicious
Pop-ups that appear during normal tasks Real HR portals or tools rarely ask for permissions this way.
Urgent language (“Click to verify,” “Access blocked”) Designed to create panic and force quick action.
Unfamiliar or mismatched URLs/domains Notifications should only come from your known company domain.
Requests for login info or sensitive data Legitimate notifications never ask you to enter credentials directly.

What To Do If You See One

  1. Don’t click the link. Close the pop-up right away.
  2. Report it to IT (or our helpdesk). We can remove the unwanted permissions and check your device.
  3. Run a quick security scan. This helps confirm nothing harmful slipped in.

Prevention Tips

  • When in doubt, always click “Block.” Most legitimate sites don’t need notification permissions.
  • Double-check domains. Hover over links to confirm they match your company’s official sites.
  • Review your browser settings. Remove any sites that don’t belong on your notification list. The National Cyber Security Center has a step-by-step guide for each browser.
  • Stay alert for familiar disguises. Just because it looks like SharePoint (or another trusted app) doesn’t mean it is.

Bottom line: Cybercriminals know that disguising scams as “work-related” makes them harder to spot. But with a little awareness and caution, these tricks are easy to avoid. Remember, when in doubt – verify!

 

OneSource Technology Tips & Articles