As phishing scams become more sophisticated, Google engineers explore ways to help users better identify potentially malicious URLs. Google Chrome is currently testing a new alert to mark these domain types, CNET reported on Tuesday.
This week's feature was highlighted by Emily Stark, Google Chrome security team engineer, who talked on Tuesday at the Enigma conference in Burlingame, California. According to CNET, the tool will mean misplaced URLs or suspect domains that want to mislead webmasters by imitating the addresses of other sites – a tactic that users manipulate by sharing payments or other personal information. When this happens, the tool will encourage users who lead the bed or the hidden URL instead to redirect to legitimate. CNET reported:
A new alert that is still being tested warns users not to go to a popular website or site they've been dealing with before. If a user wants to continue to go in that direction, he can click on "ignore". Stark said that her team wanted to raise the flag for users without being overwhelmed.
According to Stark, URLs are simply not as effective as red flags for users as they should be (especially on mobile devices), especially with increasingly hidden tricks in the game. The recent quiz about malicious phishing practices from Google's affiliates and Alphabet Jigsaw, for example, has fooled one of Gizmod's writers into two out of eight examples. These examples were based on legitimate fraud that Google has found and included, from fake documents and PDF files to unclear domains, some of which are extremely convincing.
It is well known that Google has been working for some time to address this issue. Speaking to Wired in September, Google Software Engineer Adrienne Porter Felt said the company wants to "move to a place where the web's identity is understandable to everyone-they know who they talk to when they use the site and can." To do that, Felt said , Google will have to investigate "big changes" in the display URLs.
ZDNet reported on Wednesday that Google actually tested "Navigation Proposal for Lookup URLs" from the last year's Chrome Canary 70 release. The site noted that users could allow it as an experimental feature in Chrome Canary as well as a stable version of Chrome, but added that a feature in a stable "failed to identify the same URLs that Canary picked up, which means that Google engineers are still fine-tuning their URL detection system before posting." Users here can find an experimental feature: chrome: // flags / # enabled-lookalike-URL-navigation-suggestions
Google's spokeswoman told Gizmodo that he was still working on this feature and that he did not yet have an official release date.[CNET]