As phishing scams become increasingly sophisticated, Google’s engineers have been exploring ways to help users better identify potentially nefarious URLs. Google Chrome is currently testing a new warning to flag these types of domains, CNET reported Tuesday.
The feature was highlighted this week by Emily Stark, an engineer on Google Chrome’s security team, who spoke Tuesday at the Enigma Conference in Burlingame, California. According to CNET, the tool would essentially flag mistyped URLs or shady domains looking to deceive web users by closely mimicking the addresses of other websites – a tactic used to manipulate users into sharing payment or other personal information. When this happens, the tool will prompt users headed to a bunk or sketchy URL to instead reroute to a legit one. CNET reported:
The new warning, which is still being tested, alerts users to the fact that they aren’t heading to a popular website or a website they’ve engaged with in the past. If the user wants to keep going in that direction, they can click “ignore.” Stark said her team wanted to throw up a flag for users without overselling the danger.
According to Stark, URLs just aren’t as effective as red flags for users as they should be (especially on mobile), particularly with increasingly stealthy tricks at play. A recent quiz on malicious phishing practices from Google and Alphabet subsidiary Jigsaw, for example, fooled one of Gizmodo’s staff writers in two out of eight examples. Those examples were based on legitimate phishing scams Google’s encountered and included everything from fake docs and PDF files to sketchy domains – some of which are extremely convincing.
We’ve known that Google has been working on a solution to this problem for a while now. Speaking with Wired back in September, Google software engineer Adrienne Porter Felt said the company was looking to “move toward a place where web identity is understandable by everyone – they know who they’re talking to when they’re using a website and they can reason about whether they can trust them.” To do this, Felt said, Google would need to explore “big changes” to URL displays.
ZDNet reported Wednesday that Google’s actually been testing a “Navigation suggestions for lookalike URLs” feature since last year’s release of Chrome Canary 70. The site noted that users can enable it as an experimental feature in Chrome Canary as well as the stable version of Chrome, but added that the feature in stable “failed to detect the same URLs that Canary picked up, meaning Google engineers are still fine-tuning their lookalike URL detection system before its official release.” Users can find the experimental feature here: chrome://flags/#enable-lookalike-url-navigation-suggestions
A Google spokesperson told Gizmodo that it’s still working on the feature and that there’s no official release date just yet. [CNET]