When, back in 2015, push notifications were just appearing in browsers, very few people wondered how this tool would be used in the future: once a useful technology made to keep regular readers informed about updates, today it is often used to shell website visitors with unsolicited ads. To achieve that, users are hoaxed into subscribing to notifications, for example, by passing subscription consent off as some other action. The victim ends up subscribed to ad deliveries, while at the same time quite unable to get rid of the annoying messages, being unaware of their source or origin.
Other than ads, downright scam notifications may also be delivered, such as about lottery wins, or offers of money in exchange for completing a survey. All such proposals are usually phishing attacks seeking to coax users to part with their money. We have repeatedly anatomized such cases in our quarterly spam and phishing reports.