Late last year, Google beefed up its Safe Browsing service that protects internet users from various tricks attackers use to gain access to their computers. Google has now bolstered Safe Browsing further by warning users of embedded content like ads that pretend to be from a legitimate company to get users to download dodgy unwanted software. Here's what you need to know.
When a webpage or person pretends to be a trusted entity and tries to get you to do something or urges you to provide private information, that is considered social engineering. As cyberattackers become smarter, they are starting to use social engineering techniques to make users install malware or superfluous software on their devices.
There are a number of websites floating around, claiming to be technology vendors like Google, Adobe or Microsoft in order to trick users into downloading fake updates for popular software. This is why Google took action in November and added a layer of protection against social engineering websites. This time around, Google has expanded Safe Browsing's remit to cover deceptive embedded content as well, such as online ads on pages that ask you to upgrade your software.
Safe Browsing, which is used by by Chrome, Safari and Firefox web browsers, will warn users if such content appears on a particular webpage and advise them to steer clear.
Here are some examples of pop-ups that Google Safe Browsing can detect:
This pop-up claims that your software is out-of-date to trick you into clicking “update”.
This pop-up mimics a dialogue from the FLV software developer — but it does not actually originate from this developer.
If you're worried your website will somehow be affected, here's Google's advice to you:
If visitors to your web site consistently see social engineering content, Google Safe Browsing may warn users when they visit the site. If your site is flagged for containing social engineering content, you should troubleshoot with Search Console.