Google will test new feature in Chrome to curb phishing

Chrome-623x427

The web browser will only display domain names as a way to help people recognize impostor websites.

Google will test a new feature in the Google Chrome web browser to help people spot websites that aim to trick them into giving away their personal data. The experiment, which will be rolled out on the desktop versions of Chrome 86, will involve hiding all parts of the web address except the domain name.

Currently, if you look at your address bar, the whole Uniform Resource Locator (URL) or web address of the website you’re visiting is visible. However, Chrome users who’ll be randomly chosen to be part of the experimental group will only see the domain name by default. In other words, instead of seeing the full web address of a specific post “welivesecurity.com/2020/08/14/google-test-new-feature-chrome-phishing/”, the address bar will just show “welivesecurity.com”.

“Our goal is to understand — through real-world usage — whether showing URLs this way helps users realize they’re visiting a malicious website, and protects them from phishing and social engineering attacks,” reads the blog post announcing the change.

However, users who’d still like to see the full URLs will have two options – either by hovering their cursor over the address or by right-clicking on the URL and choosing “Always show full URLs” from the context menu.

As mentioned, the feature will be intended to curb phishing and scam attempts by cybercriminals who spoof websites of popular brands and companies in what is a proven tactic for duping many people into believing that the sites are legitimate.

In a recent study conducted by Google and the University of Illinois, more than 60% of users were hoodwinked when a deceptive brand name was part of the web address.

YOU MAY ALSO LIKE: Would you get hooked by a phishing scam? Test yourself

Indeed, homograph attacks have been muddying the internet’s waters for quite some time now. Attackers usually use a variety of techniques to alter a web address (almost) indiscernibly, including by adding the odd letter here and there or substituting letters for characters from non-Latin writing systems such as Cyrillic or Greek.

To avoid falling for traps set up by cybercriminals you should be careful when entering personal information on a website. Look for any irregularities in the web address or the content of the website and take a peek at its security certificate while you’re at it. You should also avoid clicking on links sent you by email; always type them out. Use two-factor authentication for an extra layer of protection.

written by Amer Owaida, ESET We Live Security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s