Phishing protection
Phishing is a common hacking method where attackers trick victims into clicking on malicious links and typing in their login credentials. It can also be used to steal the username and password of the victim to access their personal data or make financial transactions. The malicious pages are often exact copies of a well-known site, making it difficult to spot – and easy to fall for.
With the number and sophistication of phishing attacks on the rise, Google has come up with a live alert-system to warn users against potential phishing links through its Chrome browser.
Real-time checks
The tech giant has realised that its current system, where a list of flagged suspicious sites are checked against the users visited URLs every 30 minutes, could potentially be bypassed by experienced attackers.
In a blog post, Google wrote, “We’re noticing that some phishing sites slip through our 30-minute refresh window, either by switching domains very quickly or by hiding from Google’s crawlers”.
Google, therefore, plans to change its methods by checking each site visited on its Chrome browser against a list of safe websites. If the site is not on its ‘safe-list’, Google said it will automatically reference the URL to determine if it’s dangerous.
Safe browsing
So, whilst the feature was previously available for Chrome’s Safe Browsing mode where the URLs are checked locally every 30 minutes, it will now be checked in real-time for stronger security.
But does this mean Google will be keeping a log of every URL you visit? According to the tech giant, no. Google has stated that instead of checking the full URL, it only checks an encrypted version of the link, meaning that the company doesn’t see the actual URL that you are visiting.
Password protection
Not only will Chrome check URLs for malicious behaviour, but users who enter their passwords into sites found to be malicious or that have been deemed malicious will now also be warned by Google’s predictive phishing protection. The company commented,
“If this check determines that the site is indeed suspicious or malicious, Chrome will immediately show you a warning and encourage you to change your compromised password. If it was your Google Account password that was phished, Chrome also offers to notify Google so we can add additional protections to ensure your account isn’t compromised.”
You can turn on the new feature by enabling the ‘Make searches and browsing better’ feature in Chrome settings.
What do you think of Google Chrome’s new phishing feature? Let us know your thoughts @hyve!
