Google rolled out its Safe Browsing service eight years ago to protect internet users against traditional phishing attacks on the web. But the online security landscape has evolved since then and attacks are becoming much more sophisticated. That is why Google has fleshed out Safe Browsing to encompass deceptive social engineering attacks on the web.
Image: Example of social engineering content using Chrome
Google Safe Browsing is a service that provides a list of webpages containing malware or phishing content. The list is used by the Chrome, Safari and Firefox web browsers to check for unsafe websites which will then display a warning to users that attempt to access them. According to Google, around one billion people use Google Safe Browsing.
Social engineering attacks involve using web content that imitates those from a trusted entity such as a post office, bank or government. The content can then trick users into sharing their passwords or calling tech support to divulge personal details. These attacks are becoming increasingly common. Google recognises this and has expanded Safe Browsing to provide protection against social engineering.
On Chrome, if Safe Browsing identifies a webpage that contains social engineering content, the browser will display the following warning:
Examples of social engineering attacks include recent incidents involving crytoviruses which infect users’ computers by tricking them into opening emails that look like they’re sent by Australia Post, Energy Australia and the NSW Office of State Revenue. The social engineering content Safe Browsing can protect against are from attackers that set up fake websites which look nearly identical to those from legitimate businesses.
Here’s a sample of social engineering content posing as a Google account login page:
You can find out more over at the Google Online Security Blog.