Google has announced real-time phishing protection with the help of improvements to ‘Safe Browsing’ which allow Chrome to check each new site you visit against a safe list stored on your computer and with Google so that Chrome can issue an instant warning if the site is thought to be suspicious or malicious.
As well as being sent to phishing pages via links in phishing emails, phishing links are also inserted into malicious advertisements and even direct messages on chat apps.
Also, even though Google’s existing ‘Safe Browsing’ feature adds thousands of new unsafe sites and to the blocklists of the web industry and Chrome already checks the URL of each site you visit/file you download against a local list which is updated every 30 minutes, Google has noted that some phishing sites are even able to slip through the 30-minute refresh window by switching domains quickly or by hiding from Google’s crawlers.
The multiple phishing threats coupled with the ability of some sites to side-step even a 30-minute time window are what have prompted Google to move into real-time phishing checks through Chrome.
Google’s new, improved protections via Chrome allow the inspection of the URLs of pages visited with Safe Browsing’s servers in real-time (local safe site list check + checks with Google) in order to be able to give users an instant warning that they may be on a malicious page as well as a prompt to change their password.
Google says that this real-time warning system on sites that are brand new can deliver a 30% increase in protections.
The issues of using weak passwords, password sharing, and the stealing of passwords through phishing are all-too-familiar threats. With this in mind, Google launched predictive phishing protections which can warn users who are syncing history in Chrome when they enter their Google Account password into suspected phishing sites. Google has now also expanded this protection to cover everyone signed in to Chrome (whether or not Sync is enabled) and the feature will also work for all the passwords stored in Chrome’s password manager.
This updated security feature now means that if you type one of your protected passwords (from Chrome’s password manager, or the Google Account password you used to sign in to Chrome) into an unusual site, Chrome will classify this as a potentially dangerous event.
Offering real-time phishing protection checks is one way to help Chrome users stay a step ahead of cybercriminals who have shown that they could even adapt their campaigns quickly enough to get past a sophisticated system that updates its security information every 30 minutes. This has to be good news for business and domestic users alike, and the flashing up of instant warnings on visiting new sites looks as though it could reduce the numbers of those who fall victim to phishing attacks as well as constantly reminding Chrome users of the risks that are ever-present on the Internet today and of how easy it would be to fall victim to ever-more convincing and sophisticated phishing attempts.