- Google has empowered Chrome with a new phishing URL warning system that works in real-time.
- The system can also act proactively, advising the user against the provision of credentials to unknown websites.
- As phishing gets more sophisticated and convincing, automated checkers are becoming crucially important.
Google has announced that Chrome has gotten a lot more robust against online dangers such as phishing attempts and password theft. The tech giant has gradually expanded the built-in protections of the popular browser to help the user stay safe and secure online. Back in October, Chrome got the Checkup extension that Google developed at the start of 2019, and which serves warnings of compromised credentials to the user in real-time. Now, the company is adding a powerful phishing attack warning system which will hopefully identify such ill-intended attempts before the user does.
Phishing is a persistent online risk that isn’t showing any signs of quietus. On the contrary, phishing actors are using more sophisticated methods and tools put great effort into making their platforms appear legitimate and generally make them harder to distinguish. This is why putting a “cold” checker in place that can’t be fooled by even the most advanced phishing tactics is so important, and Google has done precisely that. The new system works in real-time, comparing the domain you’ve landed on against an ever-updated database of unsafe sites that are refreshed every 30 minutes. This checking is based on partial URL fingerprint analysis, so Google is never getting to know the exact URL that you are trying to visit.
In the cases of phishing websites that are changing domains in less than 30 minutes, or those that manage to hide from Google’s crawlers, Chrome uses a “safe-list” that is stored locally on the user’s computer. If the website is not matching any entry on that list, then a warning is displayed to the user. In 30% of the cases, these warnings concern websites that were confirmed to be phishing domains. Finally, Google has added “predictive phishing protection” to Chrome, warning users who are trying to enter their credentials on an unsafe or suspicious website.
All of the above is currently being rolled out gradually with version 79, and they are the result of the work that is being done in Google’s “Safety Engineering Center” in Munich which opened in May 2019. That said, the company promises a galore of security and privacy-protection features to land throughout 2020 in Chrome, helping make the world’s most widely-used internet browser safer for everyone. To activate the new feature, you need to go to the browser’s settings, select “Privacy and Security”, open the “advanced” options, click on the “Sync and Google services”, and then toggle the “Make searches and browsing better” switch to “on”.